CVE-2022-0715 - OpenCVE

A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Schneider-electric	Smtl Series 1026 Ups Smt Series 1015 Ups Srt Series 1019 Ups Firmware Srtl3000rmxli-nc Firmware Srt Series 1001 Ups Firmware Smt Series 1040 Ups Srt Series 1020 Ups Firmware Smt Series 1031 Ups Scl Series 1029 Ups Firmware Srtl3000rmxli-nc Scl Series 1036 Ups Firmware Srtl3000rmxli Scl Series 1029 Ups Srt Series 1013 Ups Firmware Srt Series 1001 Ups Smx Series 1031 Ups Srt Series 1013 Ups Srtl1500rmxli Firmware Smt Series 18 Ups Scl Series 1030 Ups Srtl1500rmxli Srtl2200rmxli-nc Firmware Smc Series 1018 Ups Srtl1000rmxli-nc Firmware Srt Series 1010 Ups Firmware Srt Series 1019 Ups Smc Series 1041 Ups Firmware Srtl1500rmxli-nc Srt Series 1002 Ups Smt Series 1031 Ups Firmware Srtl3000rmxli Firmware Srt Series 1025 Ups Smc Series 1005 Ups Smc Series 1007 Ups Firmware Smx Series 1031 Ups Firmware Srtl1500rmxli-nc Firmware Smc Series 1007 Ups Srt Series 1021 Ups Srt Series 1014 Ups Firmware Srtl1000rmxli Srt Series 1020 Ups Smx Series 23 Ups Smtl Series 1026 Ups Firmware Smx Series 23 Ups Firmware Smt Series 1040 Ups Firmware Smt Series 1015 Ups Firmware Srt Series 1025 Ups Firmware Scl Series 1037 Ups Smc Series 1005 Ups Firmware Smx Series 20 Ups Firmware Scl Series 1037 Ups Firmware Smt Series 18 Ups Firmware Smx Series 20 Ups Srt Series 1014 Ups Srtl1000rmxli Firmware Smc Series 1018 Ups Firmware Srt Series 1002 Ups Firmware Smc Series 1041 Ups Srtl2200rmxli Srtl2200rmxli Firmware Scl Series 1030 Ups Firmware Srtl1000rmxli-nc Srtl2200rmxli-nc Scl Series 1036 Ups Srt Series 1021 Ups Firmware Srt Series 1010 Ups

Configuration 1 [-]

AND

cpe:2.3:o:schneider-electric:smt_series_1015_ups_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:smt_series_1015_ups:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:schneider-electric:smc_series_1018_ups_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:smc_series_1018_ups:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:schneider-electric:smtl_series_1026_ups_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:smtl_series_1026_ups:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:schneider-electric:scl_series_1029_ups_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:scl_series_1029_ups:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:schneider-electric:scl_series_1030_ups_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:scl_series_1030_ups:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:schneider-electric:scl_series_1036_ups_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:scl_series_1036_ups:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:schneider-electric:scl_series_1037_ups_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:scl_series_1037_ups:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:schneider-electric:smx_series_1031_ups_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:smx_series_1031_ups:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:schneider-electric:smt_series_18_ups_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:smt_series_18_ups:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:schneider-electric:smt_series_1040_ups_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:smt_series_1040_ups:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:schneider-electric:smt_series_1031_ups_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:smt_series_1031_ups:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:schneider-electric:smc_series_1005_ups_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:smc_series_1005_ups:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:schneider-electric:smc_series_1007_ups_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:smc_series_1007_ups:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:schneider-electric:smc_series_1041_ups_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:smc_series_1041_ups:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:schneider-electric:scl_series_1030_ups_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:scl_series_1030_ups:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:schneider-electric:scl_series_1036_ups_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:scl_series_1036_ups:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:schneider-electric:smx_series_20_ups_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:smx_series_20_ups:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:schneider-electric:smx_series_23_ups_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:smx_series_23_ups:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:schneider-electric:srt_series_1010_ups_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:srt_series_1010_ups:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:schneider-electric:srt_series_1019_ups_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:srt_series_1019_ups:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:schneider-electric:srt_series_1025_ups_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:srt_series_1025_ups:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:schneider-electric:srt_series_1020_ups_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:srt_series_1020_ups:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:schneider-electric:srt_series_1021_ups_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:srt_series_1021_ups:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:schneider-electric:srt_series_1001_ups_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:srt_series_1001_ups:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:schneider-electric:srt_series_1013_ups_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:srt_series_1013_ups:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:schneider-electric:srt_series_1002_ups_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:srt_series_1002_ups:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:schneider-electric:srt_series_1014_ups_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:srt_series_1014_ups:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:schneider-electric:srtl1000rmxli_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:srtl1000rmxli:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:schneider-electric:srtl1000rmxli-nc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:srtl1000rmxli-nc:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:schneider-electric:srtl1500rmxli-nc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:srtl1500rmxli-nc:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:schneider-electric:srtl1500rmxli_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:srtl1500rmxli:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:schneider-electric:srtl2200rmxli_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:srtl2200rmxli:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:schneider-electric:srtl2200rmxli-nc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:srtl2200rmxli-nc:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:schneider-electric:srtl3000rmxli-nc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:srtl3000rmxli-nc:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:schneider-electric:srtl3000rmxli_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:srtl3000rmxli:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.se.com/ww/en/download/document/SEVD-2022-067-02/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: schneider

Published: 2022-03-09T19:30:14

Updated: 2022-03-28T16:25:27

Reserved: 2022-02-21T00:00:00

Link: CVE-2022-0715

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-03-09T20:15:08.300

Modified: 2023-07-21T17:12:11.407

Link: CVE-2022-0715

JSON object: View

Redhat Information

No data.

CWE