ID

VAR-202203-0235


CVE

CVE-2022-0715


TITLE

Schneider Electric  Made  APC Smart-UPS Family  and  APC SmartConnect Family  Product authentication vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-001579

DESCRIPTION

A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior). Schneider Electric Made APC Smart-UPS Family and APC SmartConnect Family The product contains an authentication vulnerability.Information is tampered with and denial of service (DoS) It may be put into a state. Schneider Electric APC Smart-UPS SMC Series, etc. are all products of the French Schneider Electric (Schneider Electric). The Schneider Electric APC Smart-UPS SMC Series is an entry-level UPS for single server, low-power networking, and point-of-sale (POS) devices. Schneider Electric APC Smart-UPS SMT Series is a line interactive power protection for servers, point of sale, routers, switches, hubs and other network equipment. Schneider Electric APC Smart-UPS SRT Series is a high density, true double conversion online power protection

Trust: 2.16

sources: NVD: CVE-2022-0715 // JVNDB: JVNDB-2022-001579 // CNVD: CNVD-2022-18772

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-18772

AFFECTED PRODUCTS

vendor:schneidermodel:electric scl series id=1030 <=upsscope:eqversion:02.5

Trust: 1.2

vendor:schneidermodel:electric scl series id=1036 <=upsscope:eqversion:02.5

Trust: 1.2

vendor:schneider electricmodel:scl series 1029 upsscope:lteversion:02.5

Trust: 1.0

vendor:schneider electricmodel:srt series 1014 upsscope:lteversion:a05.2

Trust: 1.0

vendor:schneider electricmodel:smx series 23 upsscope:lteversion:07.0

Trust: 1.0

vendor:schneider electricmodel:srt series 1001 upsscope:lteversion:05.1

Trust: 1.0

vendor:schneider electricmodel:smx series 1031 upsscope:lteversion:03.1

Trust: 1.0

vendor:schneider electricmodel:srt series 1013 upsscope:lteversion:05.1

Trust: 1.0

vendor:schneider electricmodel:srtl1500rmxliscope:lteversion:01.0

Trust: 1.0

vendor:schneider electricmodel:srt series 1025 upsscope:lteversion:08.3

Trust: 1.0

vendor:schneider electricmodel:smt series 18 upsscope:lteversion:09.8

Trust: 1.0

vendor:schneider electricmodel:srtl2200rmxliscope:lteversion:01.0

Trust: 1.0

vendor:schneider electricmodel:scl series 1036 upsscope:lteversion:02.5

Trust: 1.0

vendor:schneider electricmodel:smc series 1005 upsscope:lteversion:14.1

Trust: 1.0

vendor:schneider electricmodel:srtl1500rmxli-ncscope:lteversion:01.0

Trust: 1.0

vendor:schneider electricmodel:srt series 1010 upsscope:lteversion:08.3

Trust: 1.0

vendor:schneider electricmodel:srt series 1002 upsscope:lteversion:a05.2

Trust: 1.0

vendor:schneider electricmodel:smt series 1015 upsscope:lteversion:04.5

Trust: 1.0

vendor:schneider electricmodel:srtl2200rmxli-ncscope:lteversion:01.0

Trust: 1.0

vendor:schneider electricmodel:srtl1000rmxliscope:lteversion:01.0

Trust: 1.0

vendor:schneider electricmodel:srtl3000rmxliscope:lteversion:01.0

Trust: 1.0

vendor:schneider electricmodel:smx series 20 upsscope:lteversion:10.2

Trust: 1.0

vendor:schneider electricmodel:scl series 1030 upsscope:lteversion:02.5

Trust: 1.0

vendor:schneider electricmodel:smt series 1031 upsscope:lteversion:03.1

Trust: 1.0

vendor:schneider electricmodel:smtl series 1026 upsscope:lteversion:02.9

Trust: 1.0

vendor:schneider electricmodel:smt series 1040 upsscope:lteversion:01.2

Trust: 1.0

vendor:schneider electricmodel:scl series 1037 upsscope:lteversion:03.1

Trust: 1.0

vendor:schneider electricmodel:srtl3000rmxli-ncscope:lteversion:01.0

Trust: 1.0

vendor:schneider electricmodel:srt series 1021 upsscope:lteversion:12.2

Trust: 1.0

vendor:schneider electricmodel:srtl1000rmxli-ncscope:lteversion:01.0

Trust: 1.0

vendor:schneider electricmodel:smc series 1018 upsscope:lteversion:04.2

Trust: 1.0

vendor:schneider electricmodel:srt series 1020 upsscope:lteversion:10.4

Trust: 1.0

vendor:schneider electricmodel:srt series 1019 upsscope:lteversion:08.3

Trust: 1.0

vendor:schneider electricmodel:smc series 1007 upsscope:lteversion:11.0

Trust: 1.0

vendor:schneider electricmodel:smc series 1041 upsscope:lteversion:01.1

Trust: 1.0

vendor:schneider electricmodel:smc シリーズ 1018 upsscope: - version: -

Trust: 0.8

vendor:schneider electricmodel:scl シリーズ 1036 upsscope: - version: -

Trust: 0.8

vendor:schneider electricmodel:scl シリーズ 1037 upsscope: - version: -

Trust: 0.8

vendor:schneider electricmodel:smt シリーズ 1015 upsscope: - version: -

Trust: 0.8

vendor:schneider electricmodel:smtl シリーズ 1026 upsscope: - version: -

Trust: 0.8

vendor:schneider electricmodel:smt シリーズ 18 upsscope: - version: -

Trust: 0.8

vendor:schneider electricmodel:smx シリーズ 1031 upsscope: - version: -

Trust: 0.8

vendor:schneider electricmodel:smt シリーズ 1040 upsscope: - version: -

Trust: 0.8

vendor:schneider electricmodel:scl シリーズ 1029 upsscope: - version: -

Trust: 0.8

vendor:schneider electricmodel:scl シリーズ 1030 upsscope: - version: -

Trust: 0.8

vendor:schneidermodel:electric srt series id=1024 <=upsscope:eqversion:01.0

Trust: 0.6

vendor:schneidermodel:electric srt series id=1020 <=upsscope:eqversion:10.4

Trust: 0.6

vendor:schneidermodel:electric srt series id=1021 <=upsscope:eqversion:12.2

Trust: 0.6

vendor:schneidermodel:electric srt series id=1001/1013 <=upsscope:eqversion:05.1

Trust: 0.6

vendor:schneidermodel:electric srt series id=1002/1014 <=upsa05.2scope: - version: -

Trust: 0.6

vendor:schneidermodel:electric smt series id=1015 <=upsscope:eqversion:04.5

Trust: 0.6

vendor:schneidermodel:electric smc series id=1018 <=upsscope:eqversion:04.2

Trust: 0.6

vendor:schneidermodel:electric smtl series id=1026 <=upsscope:eqversion:02.9

Trust: 0.6

vendor:schneidermodel:electric scl series id=1029 <=upsscope:eqversion:02.5

Trust: 0.6

vendor:schneidermodel:electric scl series id=1037 <=upsscope:eqversion:03.1

Trust: 0.6

vendor:schneidermodel:electric smx series id=1031 <=upsscope:eqversion:03.1

Trust: 0.6

vendor:schneidermodel:electric smt series id=18 <=upsscope:eqversion:09.8

Trust: 0.6

vendor:schneidermodel:electric smt series id=1040 <=upsscope:eqversion:01.2

Trust: 0.6

vendor:schneidermodel:electric smt series id=1031 <=upsscope:eqversion:03.1

Trust: 0.6

vendor:schneidermodel:electric smc series id=1005 <=upsscope:eqversion:14.1

Trust: 0.6

vendor:schneidermodel:electric smc series id=1007 <=upsscope:eqversion:11.0

Trust: 0.6

vendor:schneidermodel:electric smc series id=1041 <=upsscope:eqversion:01.1

Trust: 0.6

vendor:schneidermodel:electric smx series id=20 <=upsscope:eqversion:10.2

Trust: 0.6

vendor:schneidermodel:electric smx series id=23 <=upsscope:eqversion:07.0

Trust: 0.6

vendor:schneidermodel:electric srt series id=1010/1019/1025 <=upsscope:eqversion:08.3

Trust: 0.6

sources: CNVD: CNVD-2022-18772 // JVNDB: JVNDB-2022-001579 // NVD: CVE-2022-0715

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-0715
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-0715
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2022-18772
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202203-810
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2022-0715
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2022-18772
severity: HIGH
baseScore: 7.3
vectorString: AV:N/AC:H/AU:N/C:P/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-0715
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2022-0715
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-18772 // JVNDB: JVNDB-2022-001579 // CNNVD: CNNVD-202203-810 // NVD: CVE-2022-0715

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:CWE-345

Trust: 1.0

problemtype:Improper authentication (CWE-287) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-001579 // NVD: CVE-2022-0715

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-810

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-202203-810

PATCH

title:SEVD-2022-067-02 Hitachi Software Product Security Informationurl:https://www.se.com/ww/en/download/document/SEVD-2022-067-02/

Trust: 0.8

title:Patch for Authentication Error Vulnerabilities in Multiple Schneider Electric Productsurl:https://www.cnvd.org.cn/patchInfo/show/325181

Trust: 0.6

title:Multiple Schneider Electric Product data falsification issuesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=247105

Trust: 0.6

sources: CNVD: CNVD-2022-18772 // JVNDB: JVNDB-2022-001579 // CNNVD: CNNVD-202203-810

EXTERNAL IDS

db:NVDid:CVE-2022-0715

Trust: 3.8

db:SCHNEIDERid:SEVD-2022-067-02

Trust: 1.6

db:JVNDBid:JVNDB-2022-001579

Trust: 0.8

db:CNVDid:CNVD-2022-18772

Trust: 0.6

db:CS-HELPid:SB2022030912

Trust: 0.6

db:CNNVDid:CNNVD-202203-810

Trust: 0.6

sources: CNVD: CNVD-2022-18772 // JVNDB: JVNDB-2022-001579 // CNNVD: CNNVD-202203-810 // NVD: CVE-2022-0715

REFERENCES

url:https://www.se.com/ww/en/download/document/sevd-2022-067-02/

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-0715

Trust: 1.4

url:https://download.schneider-electric.com/files?p_doc_ref=sevd-2022-067-02

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-0715/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022030912

Trust: 0.6

sources: CNVD: CNVD-2022-18772 // JVNDB: JVNDB-2022-001579 // CNNVD: CNNVD-202203-810 // NVD: CVE-2022-0715

SOURCES

db:CNVDid:CNVD-2022-18772
db:JVNDBid:JVNDB-2022-001579
db:CNNVDid:CNNVD-202203-810
db:NVDid:CVE-2022-0715

LAST UPDATE DATE

2024-08-14T13:42:58.007000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-18772date:2022-03-12T00:00:00
db:JVNDBid:JVNDB-2022-001579date:2022-04-26T06:03:00
db:CNNVDid:CNNVD-202203-810date:2023-07-24T00:00:00
db:NVDid:CVE-2022-0715date:2023-07-21T17:12:11.407

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-18772date:2022-03-12T00:00:00
db:JVNDBid:JVNDB-2022-001579date:2022-04-26T00:00:00
db:CNNVDid:CNNVD-202203-810date:2022-03-09T00:00:00
db:NVDid:CVE-2022-0715date:2022-03-09T20:15:08.300