critical
9.1
CWE
345 287
Advisory Published
Updated

CVE-2022-0715

First published: Wed Mar 09 2022(Updated: )

A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)

Credit: cybersecurity@se.com

Affected SoftwareAffected VersionHow to fix
Schneider-electric Smt Series 1015 Ups Firmware<=04.5
Schneider-electric Smt Series 1015 Ups Firmware
Schneider-electric Smc Series 1018 Ups Firmware<=04.2
Schneider Electric SMC Series 1018 UPS
Schneider-electric Smtl Series 1026 Ups<=02.9
Schneider-electric Smtl Series 1026 Ups Firmware
Schneider-electric Scl Series 1029 Ups Firmware<=02.5
Schneider-electric Scl Series 1029 Ups Firmware
Schneider-electric Scl Series 1030 Ups Firmware<=02.5
Schneider-electric Scl Series 1030 Ups Firmware
Schneider-electric SCL Series 1036 UPS<=02.5
Schneider-electric SCL Series 1036 UPS
Schneider-electric Scl Series 1037 Ups<=03.1
Schneider-electric Scl Series 1037 Ups Firmware
Schneider Electric Smx Series 1031 UPS<=03.1
Schneider-electric Smx Series 1031 Ups Firmware
Schneider-electric Smt Series 18 Ups<=09.8
Schneider-electric Smt Series 18 Ups Firmware
Schneider-electric Smt Series 1040 Ups<=01.2
Schneider Electric SMT Series 1040 UPS Firmware
Schneider-electric Smt Series 1031 Ups Firmware<=03.1
Schneider-electric Smt Series 1031 Ups Firmware
Schneider-electric Smc Series 1005 Ups<=14.1
Schneider-electric Smc Series 1005 Ups
Schneider-electric Smc Series 1007 Ups Firmware<=11.0
Schneider-electric Smc Series 1007 Ups Firmware
Schneider-electric Smc Series 1041 Ups<=01.1
Schneider-electric Smc Series 1041 Ups Firmware
Schneider Electric SMX Series 20 UPS<=10.2
Schneider-electric Smx Series 20 Ups Firmware
Schneider-electric Smx Series 23 Ups Firmware<=07.0
Schneider-electric Smx Series 23 Ups Firmware
Schneider Electric SRT Series UPS<=08.3
Schneider-electric Srt Series 1010 Ups Firmware
Schneider-electric Srt Series 1019 Ups<=08.3
Schneider Electric SRT Series UPS
Schneider-electric Srt Series 1025 Ups<=08.3
Schneider Electric SRT Series UPS
Schneider Electric SRT Series UPS<=10.4
Schneider-electric Srt Series 1020 Ups Firmware
Schneider-electric Srt Series 1021 Ups Firmware<=12.2
Schneider-electric Srt Series 1021 Ups Firmware
Schneider-electric Srt Series 1001 Ups<=05.1
Schneider Electric SRT Series UPS
Schneider-electric Srt Series 1013 Ups Firmware<=05.1
Schneider-electric Srt Series 1013 Ups Firmware
Schneider Electric SRT Series UPS<=a05.2
Schneider-electric Srt Series 1002 Ups Firmware
Schneider-electric Srt Series 1014 Ups<=a05.2
Schneider Electric SRT Series UPS
Schneider Electric SRTL1000RMXLI-NC<=01.0
Schneider Electric SRTL1000RMXLI
Schneider Electric SRTL1000RMXLI-NC<=01.0
Schneider Electric SRTL1000RMXLI
Schneider-electric SRTL1500RMXLI-NC Firmware<=01.0
Schneider-electric SRTL1500RMXLI-NC Firmware
Schneider-electric SRTL1500RMXLI-NC Firmware<=01.0
Schneider-electric SRTL1500RMXLI-NC Firmware
Schneider Electric SRTL2200RMXLI-NC<=01.0
Schneider-electric SRTL2200RMXLI Firmware
Schneider Electric SRTL2200RMXLI-NC<=01.0
Schneider Electric SRTL2200RMXLI-NC
Schneider Electric SRTL3000RMXLI-NC<=01.0
Schneider Electric SRTL3000RMXLI-NC
Schneider Electric SRTL3000RMXLI<=01.0
Schneider Electric SRTL3000RMXLI-NC

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2022-0715?

    The severity of CVE-2022-0715 is considered high due to its potential impact on system integrity.

  • How do I fix CVE-2022-0715?

    To fix CVE-2022-0715, you should update the firmware of affected Schneider Electric UPS devices to the latest version.

  • Which products are affected by CVE-2022-0715?

    Products affected by CVE-2022-0715 include various models of Schneider Electric's APC Smart-UPS and related series.

  • What is the nature of the vulnerability in CVE-2022-0715?

    CVE-2022-0715 is an improper authentication vulnerability that may allow an attacker to upload malicious firmware.

  • What are the risks associated with CVE-2022-0715?

    The risks associated with CVE-2022-0715 include potential unauthorized control over UPS operations which can disrupt service and damage systems.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203