CWE
345 287
Advisory Published
Updated

CVE-2022-0715

First published: Wed Mar 09 2022(Updated: )

A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)

Credit: cybersecurity@se.com cybersecurity@se.com

Affected SoftwareAffected VersionHow to fix
Schneider-electric Smt Series 1015 Ups Firmware<=04.5
Schneider-electric Smt Series 1015 Ups
Schneider-electric Smc Series 1018 Ups Firmware<=04.2
Schneider-electric Smc Series 1018 Ups
Schneider-electric Smtl Series 1026 Ups Firmware<=02.9
Schneider-electric Smtl Series 1026 Ups
Schneider-electric Scl Series 1029 Ups Firmware<=02.5
Schneider-electric Scl Series 1029 Ups
Schneider-electric Scl Series 1030 Ups Firmware<=02.5
Schneider-electric Scl Series 1030 Ups
Schneider-electric Scl Series 1036 Ups Firmware<=02.5
Schneider-electric Scl Series 1036 Ups
Schneider-electric Scl Series 1037 Ups Firmware<=03.1
Schneider-electric Scl Series 1037 Ups
Schneider-electric Smx Series 1031 Ups Firmware<=03.1
Schneider-electric Smx Series 1031 Ups
Schneider-electric Smt Series 18 Ups Firmware<=09.8
Schneider-electric Smt Series 18 Ups
Schneider-electric Smt Series 1040 Ups Firmware<=01.2
Schneider-electric Smt Series 1040 Ups
Schneider-electric Smt Series 1031 Ups Firmware<=03.1
Schneider-electric Smt Series 1031 Ups
Schneider-electric Smc Series 1005 Ups Firmware<=14.1
Schneider-electric Smc Series 1005 Ups
Schneider-electric Smc Series 1007 Ups Firmware<=11.0
Schneider-electric Smc Series 1007 Ups
Schneider-electric Smc Series 1041 Ups Firmware<=01.1
Schneider-electric Smc Series 1041 Ups
Schneider-electric Smx Series 20 Ups Firmware<=10.2
Schneider-electric Smx Series 20 Ups
Schneider-electric Smx Series 23 Ups Firmware<=07.0
Schneider-electric Smx Series 23 Ups
Schneider-electric Srt Series 1010 Ups Firmware<=08.3
Schneider-electric Srt Series 1010 Ups
Schneider-electric Srt Series 1019 Ups Firmware<=08.3
Schneider-electric Srt Series 1019 Ups
Schneider-electric Srt Series 1025 Ups Firmware<=08.3
Schneider-electric Srt Series 1025 Ups
Schneider-electric Srt Series 1020 Ups Firmware<=10.4
Schneider-electric Srt Series 1020 Ups
Schneider-electric Srt Series 1021 Ups Firmware<=12.2
Schneider-electric Srt Series 1021 Ups
Schneider-electric Srt Series 1001 Ups Firmware<=05.1
Schneider-electric Srt Series 1001 Ups
Schneider-electric Srt Series 1013 Ups Firmware<=05.1
Schneider-electric Srt Series 1013 Ups
Schneider-electric Srt Series 1002 Ups Firmware<=a05.2
Schneider-electric Srt Series 1002 Ups
Schneider-electric Srt Series 1014 Ups Firmware<=a05.2
Schneider-electric Srt Series 1014 Ups
Schneider-electric Srtl1000rmxli Firmware<=01.0
Schneider-electric Srtl1000rmxli
Schneider-electric Srtl1000rmxli-nc Firmware<=01.0
Schneider-electric Srtl1000rmxli-nc
Schneider-electric Srtl1500rmxli-nc Firmware<=01.0
Schneider-electric Srtl1500rmxli-nc
Schneider-electric Srtl1500rmxli Firmware<=01.0
Schneider-electric Srtl1500rmxli
Schneider-electric Srtl2200rmxli Firmware<=01.0
Schneider-electric Srtl2200rmxli
Schneider-electric Srtl2200rmxli-nc Firmware<=01.0
Schneider-electric Srtl2200rmxli-nc
Schneider-electric Srtl3000rmxli-nc Firmware<=01.0
Schneider-electric Srtl3000rmxli-nc
Schneider-electric Srtl3000rmxli Firmware<=01.0
Schneider-electric Srtl3000rmxli

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203