cvelistv5 - cve-2022-0715

CVE-2022-0715 (GCVE-0-2022-0715)

Vulnerability from cvelistv5

Published

2022-03-09 19:30

Modified

2024-08-02 23:40

Severity ?

CWE

CWE-287 - Improper Authentication

Summary

References

URL

Tags

	cybersecurity@se.com	https://www.se.com/ww/en/download/document/SEVD-2022-067-02/	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.se.com/ww/en/download/document/SEVD-2022-067-02/	Vendor Advisory

Impacted products

Vendor

Product

Version

Schneider Electric

APC Smart-UPS

Version: SMT Series
Version: SMC Series
Version: SCL Series
Version: SMX Series
Version: SRT Series

Schneider Electric

SmartConnect

Version: SMT Series
Version: SMC Series
Version: SMTL Series
Version: SCL Series
Version: SMX Series

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:40:03.366Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.se.com/ww/en/download/document/SEVD-2022-067-02/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "APC Smart-UPS",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "SMT Series "
            },
            {
              "status": "affected",
              "version": "SMC Series "
            },
            {
              "status": "affected",
              "version": "SCL Series "
            },
            {
              "status": "affected",
              "version": "SMX Series "
            },
            {
              "status": "affected",
              "version": "SRT Series "
            }
          ]
        },
        {
          "product": "SmartConnect ",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "SMT Series "
            },
            {
              "status": "affected",
              "version": "SMC Series"
            },
            {
              "status": "affected",
              "version": "SMTL Series"
            },
            {
              "status": "affected",
              "version": "SCL Series"
            },
            {
              "status": "affected",
              "version": "SMX Series"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-28T16:25:27",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.se.com/ww/en/download/document/SEVD-2022-067-02/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2022-0715",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "APC Smart-UPS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SMT Series "
                          },
                          {
                            "version_value": "SMC Series "
                          },
                          {
                            "version_value": "SCL Series "
                          },
                          {
                            "version_value": "SMX Series "
                          },
                          {
                            "version_value": "SRT Series "
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SmartConnect ",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SMT Series "
                          },
                          {
                            "version_value": "SMC Series"
                          },
                          {
                            "version_value": "SMTL Series"
                          },
                          {
                            "version_value": "SCL Series"
                          },
                          {
                            "version_value": "SMX Series"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Schneider Electric"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287 Improper Authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2022-067-02/",
              "refsource": "MISC",
              "url": "https://www.se.com/ww/en/download/document/SEVD-2022-067-02/"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2022-0715",
    "datePublished": "2022-03-09T19:30:14",
    "dateReserved": "2022-02-21T00:00:00",
    "dateUpdated": "2024-08-02T23:40:03.366Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-0715\",\"sourceIdentifier\":\"cybersecurity@se.com\",\"published\":\"2022-03-09T20:15:08.300\",\"lastModified\":\"2024-11-21T06:39:14.900\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)\"},{\"lang\":\"es\",\"value\":\"Una CWE-287: Se presenta una vulnerabilidad de autenticaci\u00f3n inapropiada que podr\u00eda causar que un atacante cambie arbitrariamente el comportamiento del SAI cuando es filtrada una clave y es usada para cargar firmware malicioso. Producto afectado: Familia de Smart-UPS de APC: Serie SMT (SMT Series ID=18: UPS versiones 09.8 y anteriores / SMT Series ID=1040: UPS versiones 01.2 y anteriores / SMT Series ID=1031: UPS versiones 03.1 y anteriores), SMC Series (SMC Series ID=1005: UPS versiones 14.1 y anteriores / SMC Series ID=1007: UPS versiones 11.0 y anteriores / SMC Series ID=1041: UPS versiones 01.1 y anteriores), SCL Series (SCL Series ID=1030: UPS versiones 02.5 y anteriores / SCL Series ID=1036: UPS versiones 02.5 y anteriores), SMX Series (SMX Series ID=20: UPS versiones 10.2 y anteriores / SMX Series ID=23: UPS versiones 07.0 y anteriores), SRT Series (SRT Series ID=1010/1019/1025: UPS versiones 08.3 y anteriores / SRT Series ID=1024: UPS versiones 01.0 y anteriores / SRT Series ID=1020: UPS versiones 10.4 y anteriores / SRT Series ID=1021: UPS versiones 12.2 y anteriores / SRT Series ID=1001/1013: UPS versiones 05.1 y anteriores / SRT Series ID=1002/1014: UPS versiones a05.2 y anteriores), Familia SmartConnect de APC: Serie SMT (Serie SMT ID=1015: UPS versiones 04.5 y anteriores), Serie SMC (Serie SMC ID=1018: UPS versiones 04.2 y anteriores), Serie SMTL (Serie SMTL ID=1026: UPS versiones 02.9 y anteriores), Serie SCL (Serie SCL ID=1029: UPS versiones 02.5 y anteriores / SCL Series ID=1030: UPS versiones 02.5 y anteriores / SCL Series ID=1036: UPS versiones 02.5 y anteriores / SCL Series ID=1037: UPS versiones 03.1 y anteriores), SMX Series (SMX Series ID=1031: UPS versiones 03.1 y anteriores)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:P\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cybersecurity@se.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-345\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:smt_series_1015_ups_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"04.5\",\"matchCriteriaId\":\"2C3EA55B-DB09-4124-A9D9-A92431C38D1F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:smt_series_1015_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95C1E3D9-606B-4C57-A4E7-0A45C9D46332\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:smc_series_1018_ups_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"04.2\",\"matchCriteriaId\":\"FFE2D844-ED18-44D3-9E75-4BB3082E4B51\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:smc_series_1018_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"154E788E-173C-4D16-A492-B61D39D420EF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:smtl_series_1026_ups_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"02.9\",\"matchCriteriaId\":\"AE693F05-B0A7-452D-94C6-D36E37ACF6CB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:smtl_series_1026_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B138EB4-6264-4BFA-B4C7-4B23FFA676B1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:scl_series_1029_ups_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"02.5\",\"matchCriteriaId\":\"C2E0803A-637E-4BBA-B9D5-AB59EE122844\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:scl_series_1029_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4175BEC7-DA4D-4E19-A642-A5FC13D3598E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:scl_series_1030_ups_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"02.5\",\"matchCriteriaId\":\"469F9813-DE0E-4752-91EB-FECC001C6825\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:scl_series_1030_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8DC43CB-66C0-469B-AF87-0120D6280584\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:scl_series_1036_ups_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"02.5\",\"matchCriteriaId\":\"22E4C951-876D-46F7-8CF4-D943464E8338\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:scl_series_1036_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FB7E0EB-AF6D-4107-B343-50309E9DF03E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:scl_series_1037_ups_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"03.1\",\"matchCriteriaId\":\"3E52A522-88D4-4B6A-83B4-C56C093C7F54\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:scl_series_1037_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04C627CE-E3F8-4E3F-8B93-07C92AA21296\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:smx_series_1031_ups_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"03.1\",\"matchCriteriaId\":\"6251AE4E-FFED-4B0C-A90B-A3BD852A2ED8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:smx_series_1031_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E1E7040-8123-483C-AE62-F190D83D0ADC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:smt_series_18_ups_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"09.8\",\"matchCriteriaId\":\"A9B1431D-822C-47DF-8643-7D5E778A43AD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:smt_series_18_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E1F03F0-11F1-437A-8FD8-A3C8186D02DE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:smt_series_1040_ups_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"01.2\",\"matchCriteriaId\":\"660A5F99-3370-48C9-A3C8-A54FFAC9BEE6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:smt_series_1040_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"848020CF-D33A-4196-BB0C-ECD1D43372D7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:smt_series_1031_ups_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"03.1\",\"matchCriteriaId\":\"CE801653-57F9-4C13-8D23-91D5F22FD2C9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:smt_series_1031_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1467655-7784-4287-8C32-3F522A49411D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:smc_series_1005_ups_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"14.1\",\"matchCriteriaId\":\"1B5D15FE-D25F-4827-99C2-2B15DA5726F3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:smc_series_1005_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26B5EC8E-4FF9-4ED0-AB70-B5F6DBA72632\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:smc_series_1007_ups_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"11.0\",\"matchCriteriaId\":\"4929654C-D91D-4228-807B-F9DAC9D8C931\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:smc_series_1007_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2761A47B-326E-4CD0-96D6-12796992769D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:smc_series_1041_ups_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"01.1\",\"matchCriteriaId\":\"428CBB13-0227-4557-8A22-DE8165949D3B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:smc_series_1041_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FEFAD29-12AD-454B-BAFC-4C17A1D1E8E1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:scl_series_1030_ups_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"02.5\",\"matchCriteriaId\":\"469F9813-DE0E-4752-91EB-FECC001C6825\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:scl_series_1030_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8DC43CB-66C0-469B-AF87-0120D6280584\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:scl_series_1036_ups_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"02.5\",\"matchCriteriaId\":\"22E4C951-876D-46F7-8CF4-D943464E8338\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:scl_series_1036_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FB7E0EB-AF6D-4107-B343-50309E9DF03E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:smx_series_20_ups_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.2\",\"matchCriteriaId\":\"49A9A0AA-9E54-426D-B3DF-A896119DCFCB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:smx_series_20_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9869EFE8-DED1-40D9-8BD6-003E0507995F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:smx_series_23_ups_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"07.0\",\"matchCriteriaId\":\"AD04C6BF-A05F-41DC-9DB8-6ECBEF570FA3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:smx_series_23_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A58B76AA-7DFC-4F6C-B6E6-4B19746788B3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:srt_series_1010_ups_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"08.3\",\"matchCriteriaId\":\"6717F4F6-F033-48CB-A4BA-6E19DAD98FE5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:srt_series_1010_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83769E66-3290-4559-AD5A-C65BE83B27A1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:srt_series_1019_ups_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"08.3\",\"matchCriteriaId\":\"A45A70DF-4794-4E45-B134-EB8435AC5FB8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:srt_series_1019_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09A53A75-F08A-47E9-A3CF-691EE7B475B7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:srt_series_1025_ups_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"08.3\",\"matchCriteriaId\":\"B73BB6AE-8CC4-465F-9C48-B125D0C25F59\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:srt_series_1025_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D883C4EF-0530-4E8B-8C83-57B452219687\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:srt_series_1020_ups_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.4\",\"matchCriteriaId\":\"CC69A97E-D632-42FE-A217-572EB966085A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:srt_series_1020_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94F049E9-F1D2-4006-9C9A-5DA9C7229087\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:srt_series_1021_ups_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"12.2\",\"matchCriteriaId\":\"CF0C5ED3-2100-48C1-AC5A-E6285487815D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:srt_series_1021_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEC3AD24-6B13-4A44-A58C-9189BCF480D4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:srt_series_1001_ups_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"05.1\",\"matchCriteriaId\":\"1D4D6B50-3B1A-47EF-9055-2887128F0224\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:srt_series_1001_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB599BB4-82F4-4E97-BEF5-0ECC587F0A68\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:srt_series_1013_ups_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"05.1\",\"matchCriteriaId\":\"B4B35543-73E5-4EDD-9018-3BE90A5B99C5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:srt_series_1013_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"833DCA70-FCBA-4C58-80EE-DEFFD0F661EF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:srt_series_1002_ups_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"a05.2\",\"matchCriteriaId\":\"318BBEA4-EAF2-499A-8E89-39EC58781BA6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:srt_series_1002_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20C49E94-8D0A-4202-A433-6787BF8E4B68\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:srt_series_1014_ups_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"a05.2\",\"matchCriteriaId\":\"043062A8-6D85-46CD-934F-82BF075B8D53\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:srt_series_1014_ups:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B55E3932-EBCF-44CA-930D-F254EFF5FC68\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:srtl1000rmxli_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"01.0\",\"matchCriteriaId\":\"4A9B5DEA-467F-4C36-854A-F7A5967F0BD1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:srtl1000rmxli:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5165586B-64EF-4E2C-B496-2E82A61113A4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:srtl1000rmxli-nc_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"01.0\",\"matchCriteriaId\":\"FD635E09-A358-422A-9BD0-2B177D98E3EE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:srtl1000rmxli-nc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13699C09-1AB8-4C43-9621-295413A974FF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:srtl1500rmxli-nc_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"01.0\",\"matchCriteriaId\":\"1A5732D4-6BBD-41CA-8D24-84F2FC1412AC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:srtl1500rmxli-nc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"773C3D26-4C71-440E-8CCA-85478C59B247\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:srtl1500rmxli_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"01.0\",\"matchCriteriaId\":\"ECDE919A-70ED-411B-9AAA-12C8B9EB1785\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:srtl1500rmxli:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C418AEA1-3C77-4969-9651-9995F7DE99EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:srtl2200rmxli_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"01.0\",\"matchCriteriaId\":\"40D232F8-B3F7-4CCF-9E08-6EA63AD7596C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:srtl2200rmxli:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7883EDB6-5A6D-4CDF-A467-A46E522B3B22\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:srtl2200rmxli-nc_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"01.0\",\"matchCriteriaId\":\"EB73EFDD-0994-4553-9075-5EB390816B31\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:srtl2200rmxli-nc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54F5A2E5-DA9A-412E-A5FF-9EA97A8A2D9F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:srtl3000rmxli-nc_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"01.0\",\"matchCriteriaId\":\"66BFDC2B-B658-4782-AB42-14978BFD2ECC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:srtl3000rmxli-nc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FE692C1-4995-430A-896E-BDD68325BD16\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:schneider-electric:srtl3000rmxli_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"01.0\",\"matchCriteriaId\":\"83E06F71-7148-4B01-913C-5D92AA36C499\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:schneider-electric:srtl3000rmxli:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42A83199-87D4-4DD2-854F-2EDBD09509C4\"}]}]}],\"references\":[{\"url\":\"https://www.se.com/ww/en/download/document/SEVD-2022-067-02/\",\"source\":\"cybersecurity@se.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.se.com/ww/en/download/document/SEVD-2022-067-02/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2022-AVI-215

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

EcoStruxure Control Expert versions antérieures à 15.1
EcoStruxure Process Expert versions antérieures à 2021
SCADAPack RemoteConnect for x70 toutes versions, se référer aux mesures de contournement proposées par l'éditeur
Smart-UPS séries SMT micrologiciels versions antérieures à UPS 04.6 permettant une correction partielle de la vulnérabilité CVE-2022-0715 et une correction des vulnérabilités CVE-2022-22805 et CVE-2022-22806
Smart-UPS séries SMC micrologiciels versions antérieures à UPS 04.3 permettant une correction partielle de la vulnérabilité CVE-2022-0715 et une correction des vulnérabilités CVE-2022-22805 et CVE-2022-22806
Aucun correctif n'est disponible pour les séries Smart-UPS SCL, SMX et SRT ainsi que les séries SmartConnect SMTL, SCL, et SMX. Se référer aux mesures de contournement proposées par l'éditeur
Ritto Wiser Door toutes versions, se référer aux mesures de contournement proposées par l'éditeur

Pour les vulnérabilités identifiées CVE-2021-22778, CVE-2021-22780, CVE-2021-22781, CVE-2021-22782 et CVE-2020-12525, la mise à niveau vers EcoStruxure Control Expert v15.1 et EcoStruxure Process Expert v2021 constitue une première étape de contournement. L'éditeur annoncera la publication d'un nouveau micrologiciel afin de corriger ces vulnérabilités.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider SEVD-2022-067-02 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-04 du 09 novembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-257-01 du 14 septembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-222-02 du 10 août 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-067-01 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-067-03 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Schneider 2021-194-01 du 13 juillet 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eEcoStruxure Control Expert versions ant\u00e9rieures \u00e0 15.1\u003c/li\u003e \u003cli\u003eEcoStruxure Process Expert versions ant\u00e9rieures \u00e0 2021\u003c/li\u003e \u003cli\u003eSCADAPack RemoteConnect for x70 toutes versions, se r\u00e9f\u00e9rer aux mesures de contournement propos\u00e9es par l\u0027\u00e9diteur\u003c/li\u003e \u003cli\u003eSmart-UPS s\u00e9ries SMT micrologiciels versions ant\u00e9rieures \u00e0 UPS 04.6 permettant une correction partielle de la vuln\u00e9rabilit\u00e9 CVE-2022-0715 et une correction des vuln\u00e9rabilit\u00e9s CVE-2022-22805 et CVE-2022-22806\u003c/li\u003e \u003cli\u003eSmart-UPS s\u00e9ries SMC micrologiciels versions ant\u00e9rieures \u00e0 UPS 04.3 permettant une correction partielle de la vuln\u00e9rabilit\u00e9 CVE-2022-0715 et une correction des vuln\u00e9rabilit\u00e9s CVE-2022-22805 et CVE-2022-22806\u003c/li\u003e \u003cli\u003eAucun correctif n\u0027est disponible pour les s\u00e9ries Smart-UPS SCL, SMX et SRT ainsi que les s\u00e9ries SmartConnect SMTL, SCL, et SMX. Se r\u00e9f\u00e9rer aux mesures de contournement propos\u00e9es par l\u0027\u00e9diteur\u003c/li\u003e \u003cli\u003eRitto Wiser Door toutes versions, se r\u00e9f\u00e9rer aux mesures de contournement propos\u00e9es par l\u0027\u00e9diteur\u003c/li\u003e \u003c/ul\u003e \u003cp\u003ePour les vuln\u00e9rabilit\u00e9s identifi\u00e9es CVE-2021-22778, CVE-2021-22780, CVE-2021-22781, CVE-2021-22782 et CVE-2020-12525, la mise \u00e0 niveau vers EcoStruxure Control Expert v15.1 et EcoStruxure Process Expert v2021 constitue une premi\u00e8re \u00e9tape de contournement. L\u0027\u00e9diteur annoncera la publication d\u0027un nouveau micrologiciel afin de corriger ces vuln\u00e9rabilit\u00e9s.\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-24322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24322"
    },
    {
      "name": "CVE-2021-21814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21814"
    },
    {
      "name": "CVE-2021-34527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34527"
    },
    {
      "name": "CVE-2021-21830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21830"
    },
    {
      "name": "CVE-2021-22797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22797"
    },
    {
      "name": "CVE-2021-22779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22779"
    },
    {
      "name": "CVE-2021-22781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22781"
    },
    {
      "name": "CVE-2021-22780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22780"
    },
    {
      "name": "CVE-2021-21828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21828"
    },
    {
      "name": "CVE-2021-21810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21810"
    },
    {
      "name": "CVE-2021-21813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21813"
    },
    {
      "name": "CVE-2022-22806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22806"
    },
    {
      "name": "CVE-2021-21825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21825"
    },
    {
      "name": "CVE-2021-21829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21829"
    },
    {
      "name": "CVE-2021-1675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1675"
    },
    {
      "name": "CVE-2021-22782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22782"
    },
    {
      "name": "CVE-2021-22778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22778"
    },
    {
      "name": "CVE-2022-0715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0715"
    },
    {
      "name": "CVE-2021-21826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21826"
    },
    {
      "name": "CVE-2021-21812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21812"
    },
    {
      "name": "CVE-2021-21827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21827"
    },
    {
      "name": "CVE-2022-22805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22805"
    },
    {
      "name": "CVE-2022-24323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24323"
    },
    {
      "name": "CVE-2021-21815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21815"
    },
    {
      "name": "CVE-2021-22783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22783"
    },
    {
      "name": "CVE-2021-21811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21811"
    },
    {
      "name": "CVE-2020-12525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12525"
    }
  ],
  "initial_release_date": "2022-03-08T00:00:00",
  "last_revision_date": "2022-03-08T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-215",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-03-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-067-02 du 8 mars 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-04 du 09 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-04"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-257-01 du 14 septembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-222-02 du 10 ao\u00fbt 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-067-01 du 8 mars 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-067-03 du 8 mars 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider 2021-194-01 du 13 juillet 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01"
    }
  ]
}

CERTFR-2022-AVI-436

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

PowerLogic ION Setup versions antérieures à 3.2.22096.01
Saitel DP RTU microgiciel versions Baseline_09.00.00 à Baseline_11.06.23 antérieures à BaseLine_11.06.24
APC Smart-UPS SRC Series ID=1004: UPS versions 14.9 et antérieures
APC Smart-UPS SRC Series ID=1006: UPS versions 14.9 et antérieures
APC Smart-UPS SRC Series ID=1011: UPS versions 14.9 et antérieures
APC Smart-UPS SRC Series ID=1033: UPS versions 00.3 et antérieures
APC Smart-UPS XU Series SRC Series ID=1017: UPS versions 02.6 et antérieures
SmartConnect séries SMTL, SCL, et SMX version du microgiciel antérieure à 15.0
HMISCU Vijeo Designer versions antérieures à 6.2 SP12
Easergy MiCOM P30 range modèles C434, P132, P139, P433, P435, P437, P532, P631, P632, P633, P634 et Px36/8 versions 660 à 674
APC Rack Power Distribution Units (PDU) utilisant NMC2 AOS versions antérieures à 7.0.6
APC Rack Power Distribution Units (PDU) utilisant NMC3 AOS versions antérieures à 1.2.0.2
APC 3-Phase Power Distribution Products utilisant NMC2 AOS versions antérieures à 7.0.4
Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P) versions antérieures à 7.0.4
Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) versions antérieures à 7.0.4
Network Management Card 2 for Modular 150/175kVA PDU (XRDP) versions antérieures à 7.0.4
Network Management Card 2 for 400 and 500 kVA (PMM) versions antérieures à 7.0.4
Network Management Card 2 for Modular PDU (XRDP2G) versions antérieures à 7.0.4
Rack Automatic Transfer Switches (ATS) utilisant NMC2 AOS versions antérieures à 7.0.4
Network Management Card 2 (NMC2) Cooling Products utilisant NMC2 AOS versions antérieures à 7.0.4
Environmental Monitoring Unit with embedded NMC2 (NB250) utilisant NMC2 AOS versions antérieures à 7.0.4
Network Management Card 2 (NMC2) versions antérieures à 7.0.4
EcoStruxure Micro Data Center utilisant NMC2 AOS versions antérieures à 7.0.4

Les produits suivants ne sont plus supportés par l'éditeur :

Wiser Smart EER21000 et EER21001 versions antérieures à 4.5

Les produits suivants ne bénéficient pas encore de correctif pour les vulnérabilités CVE-2022-22805, CVE-2022-22806 et CVE-2022-0715 :

Smart-UPS séries SMT, SMC, SCL, SMX, SRT, SRC, XU, et SRTL

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider SEVD-2022-130-01 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-130-02 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-05 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-130-03 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-03 du 10 mai 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-067-02 du 10 mai 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003ePowerLogic ION Setup versions ant\u00e9rieures \u00e0 3.2.22096.01\u003c/li\u003e \u003cli\u003eSaitel DP RTU microgiciel versions Baseline_09.00.00 \u00e0 Baseline_11.06.23 ant\u00e9rieures \u00e0 BaseLine_11.06.24\u003c/li\u003e \u003cli\u003eAPC Smart-UPS SRC Series ID=1004: UPS versions 14.9 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eAPC Smart-UPS SRC Series ID=1006: UPS versions 14.9 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eAPC Smart-UPS SRC Series ID=1011: UPS versions 14.9 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eAPC Smart-UPS SRC Series ID=1033: UPS versions 00.3 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eAPC Smart-UPS XU Series SRC Series ID=1017: UPS versions 02.6 et ant\u00e9rieures\u003c/li\u003e \u003cli\u003eSmartConnect s\u00e9ries SMTL, SCL, et SMX version du microgiciel ant\u00e9rieure \u00e0 15.0\u003c/li\u003e \u003cli\u003eHMISCU Vijeo Designer versions ant\u00e9rieures \u00e0 6.2 SP12\u003c/li\u003e \u003cli\u003eEasergy MiCOM P30 range mod\u00e8les C434, P132, P139, P433, P435, P437, P532, P631, P632, P633, P634 et Px36/8 versions 660 \u00e0 674\u003c/li\u003e \u003cli\u003eAPC Rack Power Distribution Units (PDU) utilisant NMC2 AOS versions ant\u00e9rieures \u00e0 7.0.6\u003c/li\u003e \u003cli\u003eAPC Rack Power Distribution Units (PDU) utilisant NMC3 AOS versions ant\u00e9rieures \u00e0 1.2.0.2\u003c/li\u003e \u003cli\u003eAPC 3-Phase Power Distribution Products utilisant NMC2 AOS versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eNetwork Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P) versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eNetwork Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eNetwork Management Card 2 for Modular 150/175kVA PDU (XRDP) versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eNetwork Management Card 2 for 400 and 500 kVA (PMM) versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eNetwork Management Card 2 for Modular PDU (XRDP2G) versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eRack Automatic Transfer Switches (ATS) utilisant NMC2 AOS versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eNetwork Management Card 2 (NMC2) Cooling Products utilisant NMC2 AOS versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eEnvironmental Monitoring Unit with embedded NMC2 (NB250) utilisant NMC2 AOS versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eNetwork Management Card 2 (NMC2) versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003cli\u003eEcoStruxure Micro Data Center utilisant NMC2 AOS versions ant\u00e9rieures \u00e0 7.0.4\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eLes produits suivants ne sont plus support\u00e9s par l\u0027\u00e9diteur :\u003c/p\u003e \u003cul\u003e \u003cli\u003eWiser Smart EER21000 et EER21001 versions ant\u00e9rieures \u00e0 4.5\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eLes produits suivants ne b\u00e9n\u00e9ficient pas encore de correctif pour les vuln\u00e9rabilit\u00e9s CVE-2022-22805, CVE-2022-22806 et CVE-2022-0715 :\u003c/p\u003e \u003cul\u003e \u003cli\u003eSmart-UPS s\u00e9ries SMT, SMC, SCL, SMX, SRT, SRC, XU, et SRTL\u003c/li\u003e \u003c/ul\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-30236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30236"
    },
    {
      "name": "CVE-2021-22811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22811"
    },
    {
      "name": "CVE-2021-22813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22813"
    },
    {
      "name": "CVE-2022-30233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30233"
    },
    {
      "name": "CVE-2022-30238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30238"
    },
    {
      "name": "CVE-2022-6996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-6996"
    },
    {
      "name": "CVE-2021-22810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22810"
    },
    {
      "name": "CVE-2021-22815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22815"
    },
    {
      "name": "CVE-2022-22806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22806"
    },
    {
      "name": "CVE-2022-30234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30234"
    },
    {
      "name": "CVE-2022-0715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0715"
    },
    {
      "name": "CVE-2021-22812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22812"
    },
    {
      "name": "CVE-2022-30232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30232"
    },
    {
      "name": "CVE-2020-6996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6996"
    },
    {
      "name": "CVE-2022-30235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30235"
    },
    {
      "name": "CVE-2022-22805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22805"
    },
    {
      "name": "CVE-2021-22814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22814"
    },
    {
      "name": "CVE-2022-30237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30237"
    }
  ],
  "initial_release_date": "2022-05-10T00:00:00",
  "last_revision_date": "2022-08-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-436",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-05-10T00:00:00.000000"
    },
    {
      "description": "Mise \u00e0 jour des liens",
      "revision_date": "2022-08-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-130-01 du 10 mai 2022",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-130-01_PowerLogic_ION_Setup_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2022-130-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-130-02 du 10 mai 2022",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-130-02_Saitel_DP_RTU_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2022-130-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 10 mai 2022",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification_V7.0.pdf\u0026p_Doc_Ref=SEVD-2021-313-05"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-130-03 du 10 mai 2022",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-130-03_WiserSmart_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2022-130-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-03 du 10 mai 2022",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-03_APC_NMC_Security_Notification_V2.0.pdf\u0026p_Doc_Ref=SEVD-2021-313-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-067-02 du 10 mai 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-067-02_APC-Smart-UPS_Security_Notification_V6.0.pdf"
    }
  ]
}

CERTFR-2022-AVI-546

Vulnerability from certfr_avis

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	Schneider Electric C-Bus Network Automation Controller LSS5500SHAC versions antérieures à 1.11.0
Schneider Electric	N/A	Clipsal C-Bus Network Automation Controller 5500SHAC versions antérieures à 1.11.0
Schneider Electric	N/A	Conext ComBox toutes versions
Schneider Electric	N/A	SpaceLogic C-Bus Network Automation Controller 5500NAC2 versions antérieures à 1.11.0
Schneider Electric	N/A	CanBRASS versions antérieures à 7.6
Schneider Electric	N/A	StruxureWare Data Center Expert versions antérieures à 7.9.1
N/A	N/A	EcoStruxure Power Commission versions antérieures à 2.22
Schneider Electric	N/A	Smart-UPS SMT SMC, SMX, SRC, XU, XP, SURTD, CHS2 et SRTL Series toutes versions
Schneider Electric	N/A	EcoStruxure Cybersecurity Admin Expert (CAE) versions antérieures à 2.4
Schneider Electric	N/A	IGSS Data Server versions antérieures à 15.0.0.22170
Schneider Electric	N/A	Geo SCADA Mobile versions antérieures au Build 202205171
Schneider Electric	N/A	Smart-UPS SRT Series versions antérieures à 15.0
Schneider Electric	N/A	Schneider Electric C-Bus Network Automation Controller LSS5500NAC versions antérieures à 1.11.0
Schneider Electric	N/A	EcoStruxure Power Build: Rapsody Software versions antérieures à 2.1.13
Schneider Electric	N/A	EPC2000 versions antérieures à 4.03
Schneider Electric	N/A	Versadac versions antérieures à 2.43
Schneider Electric	N/A	Clipsal C-Bus Network Automation Controller 5500NAC versions antérieures à 1.11.0
Schneider Electric	N/A	SCADAPack RemoteConnect pour x70 versions antérieures à R2.7.3
Schneider Electric	N/A	SpaceLogic C-Bus Network Automation Controller 5500AC2 versions antérieures à 1.11.0
Schneider Electric	N/A	Smart-UPS SCL Series versions antérieures à 15.1

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider SEVD-2022-067-02 du 08 mars 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-165-07 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-165-06 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-067-01 du 08 mars 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-165-02 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-165-08 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-012-02 du 12 janvier 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-165-04 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-165-01 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-165-05 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2021-313-05 du 09 novembre 2021	None	vendor-advisory
Bulletin de sécurité Schneider SEVD-2022-165-03 du 14 juin 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Schneider Electric C-Bus Network Automation Controller LSS5500SHAC versions ant\u00e9rieures \u00e0 1.11.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Clipsal C-Bus Network Automation Controller 5500SHAC versions ant\u00e9rieures \u00e0 1.11.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Conext ComBox toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "SpaceLogic C-Bus Network Automation Controller 5500NAC2 versions ant\u00e9rieures \u00e0 1.11.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "CanBRASS versions ant\u00e9rieures \u00e0 7.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "StruxureWare Data Center Expert versions ant\u00e9rieures \u00e0 7.9.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Power Commission versions ant\u00e9rieures \u00e0 2.22",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Smart-UPS SMT SMC, SMX, SRC, XU, XP, SURTD, CHS2 et SRTL Series toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Cybersecurity Admin Expert (CAE) versions ant\u00e9rieures \u00e0 2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "IGSS Data Server versions ant\u00e9rieures \u00e0 15.0.0.22170",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Geo SCADA Mobile versions ant\u00e9rieures au Build 202205171",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Smart-UPS SRT Series versions ant\u00e9rieures \u00e0 15.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Schneider Electric C-Bus Network Automation Controller LSS5500NAC versions ant\u00e9rieures \u00e0 1.11.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Power Build: Rapsody Software versions ant\u00e9rieures \u00e0 2.1.13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EPC2000 versions ant\u00e9rieures \u00e0 4.03",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Versadac versions ant\u00e9rieures \u00e0 2.43",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Clipsal C-Bus Network Automation Controller 5500NAC versions ant\u00e9rieures \u00e0 1.11.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "SCADAPack RemoteConnect pour x70 versions ant\u00e9rieures \u00e0 R2.7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "SpaceLogic C-Bus Network Automation Controller 5500AC2 versions ant\u00e9rieures \u00e0 1.11.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Smart-UPS SCL Series versions ant\u00e9rieures \u00e0 15.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-32524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32524"
    },
    {
      "name": "CVE-2022-24322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24322"
    },
    {
      "name": "CVE-2022-22731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22731"
    },
    {
      "name": "CVE-2022-32514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32514"
    },
    {
      "name": "CVE-2020-35198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
    },
    {
      "name": "CVE-2022-32517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32517"
    },
    {
      "name": "CVE-2022-32526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32526"
    },
    {
      "name": "CVE-2022-32530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32530"
    },
    {
      "name": "CVE-2022-32748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32748"
    },
    {
      "name": "CVE-2022-22806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22806"
    },
    {
      "name": "CVE-2022-32529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32529"
    },
    {
      "name": "CVE-2022-32513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32513"
    },
    {
      "name": "CVE-2022-32747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32747"
    },
    {
      "name": "CVE-2022-32523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32523"
    },
    {
      "name": "CVE-2022-32528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32528"
    },
    {
      "name": "CVE-2022-32516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32516"
    },
    {
      "name": "CVE-2022-32522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32522"
    },
    {
      "name": "CVE-2022-32527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32527"
    },
    {
      "name": "CVE-2022-32515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32515"
    },
    {
      "name": "CVE-2021-22697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22697"
    },
    {
      "name": "CVE-2022-0715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0715"
    },
    {
      "name": "CVE-2022-0223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0223"
    },
    {
      "name": "CVE-2022-32519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32519"
    },
    {
      "name": "CVE-2022-22805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22805"
    },
    {
      "name": "CVE-2022-24323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24323"
    },
    {
      "name": "CVE-2022-32512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32512"
    },
    {
      "name": "CVE-2022-32518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32518"
    },
    {
      "name": "CVE-2022-22732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22732"
    },
    {
      "name": "CVE-2020-28895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
    },
    {
      "name": "CVE-2022-32520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32520"
    },
    {
      "name": "CVE-2022-32525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32525"
    },
    {
      "name": "CVE-2021-22698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22698"
    },
    {
      "name": "CVE-2022-32521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32521"
    }
  ],
  "initial_release_date": "2022-06-15T00:00:00",
  "last_revision_date": "2022-08-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-546",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-06-15T00:00:00.000000"
    },
    {
      "description": "Modification de la version des produits IGSS Data Server",
      "revision_date": "2022-06-23T00:00:00.000000"
    },
    {
      "description": "Mise \u00e0 jour du lien du bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-067-02 du 08 mars 2022.",
      "revision_date": "2022-08-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-067-02 du 08 mars 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-067-02_APC-Smart-UPS_Security_Notification_V6.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-07 du 14 juin 2022",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-07_CanBRASS_Security_Notification.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-06 du 14 juin 2022",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-06_C-Bus_Home_Automation_Products_Security_Notification.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-067-01 du 08 mars 2022",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-067-01_EcoStruxure_Control_Expert_and_EcoStruxure_Process_Expert_Security_Notification_V2.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-02 du 14 juin 2022",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-02_Geo_SCADA_Android_App_Security_Notification.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-08 du 14 juin 2022",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-08_Cybersecurity_Admin_Expert_Security_Notification.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-012-02 du 12 janvier 2022",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-012-02_EcoStruxure_Power_Build_Rapsody_Security_Notification_V2.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-04 du 14 juin 2022",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-04_%20StruxureWare_Data_Center_Expert_Security_Notification.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-01 du 14 juin 2022",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-05 du 14 juin 2022",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-05_EcoStruxure_Power_Commission_Security_Notification.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 09 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification_V8.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-03 du 14 juin 2022",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-03_ConextCombox_Security_Notification.pdf"
    }
  ]
}

CERTFR-2022-AVI-628

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	SpaceLogic C-Bus Home Controller (5200WHC2), C-Bus Wiser Homer Controller MK2 versions antérieures à 4.14.0 (PICED_V4.14.0 Programming Interface for C-Bus Embedded Devices version V4.14.0)
Schneider Electric	N/A	X80 advanced RTU Communication Module (BMENOR2200H) versions antérieures à 2.01
Schneider Electric	N/A	IGSS Data Server versions antérieures à 15.0.0.22074
Schneider Electric	N/A	SCADAPack RemoteConnect for x70 versions antérieures à R2.7.3
Schneider Electric	N/A	Micrologiciels Easergy P5 versions antérieures à 01.401.102
Schneider Electric	N/A	Acti9 PowerTag Link C (A9XELC10-B) versions antérieures à 2.14.0
Schneider Electric	N/A	OPC UA Modicon Communication Module (BMENUA0100) versions 1.10 et antérieures
Schneider Electric	N/A	Acti9 PowerTag Link C (A9XELC10-A) versions antérieures à 2.14.0
Schneider Electric	N/A	EcoStruxure Machine Expert versions antérieures à 2.0.3
Schneider Electric	N/A	Micrologiciels Smart-UPS SCL, SRT, SRC, & XU Series versions antérieures à 15.0

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SEVD-2021-194-01 du 12 juillet 2022	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2022-193-02 du 12 juillet 2022	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2022-193-01 du 12 juillet 2022	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2022-193-03 du 12 juillet 2022	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2022-011-06 du 12 juillet 2022	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2021-257-01 du 12 juillet 2022	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2022-067-02 du 12 juillet 2022	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2022-102-01 du 12 juillet 2022	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2022-193-04 du 12 juillet 2022	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2021-222-02 du 12 juillet 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SpaceLogic C-Bus Home Controller (5200WHC2), C-Bus Wiser Homer Controller MK2 versions ant\u00e9rieures \u00e0 4.14.0 (PICED_V4.14.0 Programming Interface for C-Bus Embedded Devices version V4.14.0)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "X80 advanced RTU Communication Module (BMENOR2200H) versions ant\u00e9rieures \u00e0 2.01",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "IGSS Data Server versions ant\u00e9rieures \u00e0 15.0.0.22074",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "SCADAPack RemoteConnect for x70 versions ant\u00e9rieures \u00e0 R2.7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Micrologiciels Easergy P5 versions ant\u00e9rieures \u00e0 01.401.102",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Acti9 PowerTag Link C (A9XELC10-B) versions ant\u00e9rieures \u00e0 2.14.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "OPC UA Modicon Communication Module (BMENUA0100) versions 1.10 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Acti9 PowerTag Link C (A9XELC10-A) versions ant\u00e9rieures \u00e0 2.14.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Machine Expert versions ant\u00e9rieures \u00e0 2.0.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Micrologiciels Smart-UPS SCL, SRT, SRC, \u0026 XU Series versions ant\u00e9rieures \u00e0 15.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-2329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2329"
    },
    {
      "name": "CVE-2021-21814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21814"
    },
    {
      "name": "CVE-2021-21869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21869"
    },
    {
      "name": "CVE-2022-34760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34760"
    },
    {
      "name": "CVE-2021-21830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21830"
    },
    {
      "name": "CVE-2021-21866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21866"
    },
    {
      "name": "CVE-2021-22797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22797"
    },
    {
      "name": "CVE-2022-34753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34753"
    },
    {
      "name": "CVE-2022-34762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34762"
    },
    {
      "name": "CVE-2022-34758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34758"
    },
    {
      "name": "CVE-2021-22779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22779"
    },
    {
      "name": "CVE-2021-22781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22781"
    },
    {
      "name": "CVE-2021-22780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22780"
    },
    {
      "name": "CVE-2021-21828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21828"
    },
    {
      "name": "CVE-2021-21810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21810"
    },
    {
      "name": "CVE-2021-21813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21813"
    },
    {
      "name": "CVE-2022-34761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34761"
    },
    {
      "name": "CVE-2022-22806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22806"
    },
    {
      "name": "CVE-2021-21825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21825"
    },
    {
      "name": "CVE-2022-34759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34759"
    },
    {
      "name": "CVE-2022-34757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34757"
    },
    {
      "name": "CVE-2021-21829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21829"
    },
    {
      "name": "CVE-2021-21863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21863"
    },
    {
      "name": "CVE-2022-34754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34754"
    },
    {
      "name": "CVE-2021-22782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22782"
    },
    {
      "name": "CVE-2021-22778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22778"
    },
    {
      "name": "CVE-2022-34764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34764"
    },
    {
      "name": "CVE-2022-0715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0715"
    },
    {
      "name": "CVE-2021-21865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21865"
    },
    {
      "name": "CVE-2022-34763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34763"
    },
    {
      "name": "CVE-2021-21867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21867"
    },
    {
      "name": "CVE-2022-34756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34756"
    },
    {
      "name": "CVE-2021-21826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21826"
    },
    {
      "name": "CVE-2021-21812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21812"
    },
    {
      "name": "CVE-2021-21827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21827"
    },
    {
      "name": "CVE-2022-22805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22805"
    },
    {
      "name": "CVE-2022-26507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26507"
    },
    {
      "name": "CVE-2021-29241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29241"
    },
    {
      "name": "CVE-2022-34765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34765"
    },
    {
      "name": "CVE-2021-21815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21815"
    },
    {
      "name": "CVE-2021-21811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21811"
    },
    {
      "name": "CVE-2020-12525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12525"
    },
    {
      "name": "CVE-2021-29240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29240"
    },
    {
      "name": "CVE-2021-21864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21864"
    },
    {
      "name": "CVE-2022-24324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24324"
    },
    {
      "name": "CVE-2021-21868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21868"
    },
    {
      "name": "CVE-2021-33485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33485"
    }
  ],
  "initial_release_date": "2022-07-12T00:00:00",
  "last_revision_date": "2022-08-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-628",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-07-12T00:00:00.000000"
    },
    {
      "description": "Mise \u00e0 jour des liens",
      "revision_date": "2022-08-22T00:00:00.000000"
    },
    {
      "description": "Mise \u00e0 jour des liens",
      "revision_date": "2022-08-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-194-01 du 12 juillet 2022",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-194-01_EcoStruxure_Control_Expert_Process_Expert_SCADAPack_RemoteConnect_Modicon_M580_M340_V4.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2022-193-02 du 12 juillet 2022",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-193-02_SpaceLogic-C-Bus-Home-Controller-Wiser_MK2_Security_Notification.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2022-193-01 du 12 juillet 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-193-01_OPC_UA_X80_Advanced_RTU_Modicon_Communication_Modules_Security_Notification_V3.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2022-193-03 du 12 juillet 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-193-03_Acti9_PowerTag_Link_C_Security_Notification.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2022-011-06 du 12 juillet 2022",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-011-06_CODESYSV3_Runtime_Development_System_and_Gateway_Security_Notification.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-257-01 du 12 juillet 2022",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-257-01_EcoStruxure_Control_Expert_EcoStruxure_Process_Expert_SCADAPack_Security_Notification_V3.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2022-067-02 du 12 juillet 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-067-02_APC-Smart-UPS_Security_Notification_V6.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2022-102-01 du 12 juillet 2022",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-102-01_IGSS_Security_Notification_V2.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2022-193-04 du 12 juillet 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-193-04_Easergy_P5_Security_Notification.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-222-02 du 12 juillet 2022",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-222-02_AT%26T_Labs-XMILX_DEMILL_Eco_Struxure_Control_ExpertEco_Struxure_Process_Expert_SCADA_Pack_RemoteConnect_x70_Security_Notification_V4.0.pdf"
    }
  ]
}

var-202203-0235

Vulnerability from variot

A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior). Schneider Electric Made APC Smart-UPS Family and APC SmartConnect Family The product contains an authentication vulnerability.Information is tampered with and denial of service (DoS) It may be put into a state. Schneider Electric APC Smart-UPS SMC Series, etc. are all products of the French Schneider Electric (Schneider Electric). The Schneider Electric APC Smart-UPS SMC Series is an entry-level UPS for single server, low-power networking, and point-of-sale (POS) devices. Schneider Electric APC Smart-UPS SMT Series is a line interactive power protection for servers, point of sale, routers, switches, hubs and other network equipment. Schneider Electric APC Smart-UPS SRT Series is a high density, true double conversion online power protection

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202203-0235",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "electric scl series id=1030 \u003c=ups",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "schneider",
        "version": "02.5"
      },
      {
        "model": "electric scl series id=1036 \u003c=ups",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "schneider",
        "version": "02.5"
      },
      {
        "model": "srtl3000rmxli-nc",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "01.0"
      },
      {
        "model": "scl series 1030 ups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "02.5"
      },
      {
        "model": "srtl1500rmxli",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "01.0"
      },
      {
        "model": "srtl3000rmxli",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "01.0"
      },
      {
        "model": "srtl2200rmxli-nc",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "01.0"
      },
      {
        "model": "smt series 1015 ups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "04.5"
      },
      {
        "model": "smc series 1018 ups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "04.2"
      },
      {
        "model": "srt series 1010 ups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "08.3"
      },
      {
        "model": "smt series 1040 ups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "01.2"
      },
      {
        "model": "srt series 1013 ups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "05.1"
      },
      {
        "model": "scl series 1036 ups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "02.5"
      },
      {
        "model": "scl series 1029 ups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "02.5"
      },
      {
        "model": "srt series 1020 ups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "10.4"
      },
      {
        "model": "srtl1000rmxli",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "01.0"
      },
      {
        "model": "srtl1500rmxli-nc",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "01.0"
      },
      {
        "model": "smx series 20 ups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "10.2"
      },
      {
        "model": "srt series 1001 ups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "05.1"
      },
      {
        "model": "srt series 1002 ups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "a05.2"
      },
      {
        "model": "srt series 1019 ups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "08.3"
      },
      {
        "model": "smc series 1007 ups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "11.0"
      },
      {
        "model": "srt series 1014 ups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "a05.2"
      },
      {
        "model": "srt series 1021 ups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "12.2"
      },
      {
        "model": "smtl series 1026 ups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "02.9"
      },
      {
        "model": "scl series 1037 ups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "03.1"
      },
      {
        "model": "smx series 1031 ups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "03.1"
      },
      {
        "model": "smc series 1005 ups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "14.1"
      },
      {
        "model": "smc series 1041 ups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "01.1"
      },
      {
        "model": "srt series 1025 ups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "08.3"
      },
      {
        "model": "smx series 23 ups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "07.0"
      },
      {
        "model": "srtl1000rmxli-nc",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "01.0"
      },
      {
        "model": "smt series 1031 ups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "03.1"
      },
      {
        "model": "smt series 18 ups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "09.8"
      },
      {
        "model": "srtl2200rmxli",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "01.0"
      },
      {
        "model": "smc \u30b7\u30ea\u30fc\u30ba 1018 ups",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "scl \u30b7\u30ea\u30fc\u30ba 1036 ups",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "scl \u30b7\u30ea\u30fc\u30ba 1037 ups",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "smt \u30b7\u30ea\u30fc\u30ba 1015 ups",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "smtl \u30b7\u30ea\u30fc\u30ba 1026 ups",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "smt \u30b7\u30ea\u30fc\u30ba 18 ups",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "smx \u30b7\u30ea\u30fc\u30ba 1031 ups",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "smt \u30b7\u30ea\u30fc\u30ba 1040 ups",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "scl \u30b7\u30ea\u30fc\u30ba 1029 ups",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "scl \u30b7\u30ea\u30fc\u30ba 1030 ups",
        "scope": null,
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": null
      },
      {
        "model": "electric srt series id=1024 \u003c=ups",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "01.0"
      },
      {
        "model": "electric srt series id=1020 \u003c=ups",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "10.4"
      },
      {
        "model": "electric srt series id=1021 \u003c=ups",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "12.2"
      },
      {
        "model": "electric srt series id=1001/1013 \u003c=ups",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "05.1"
      },
      {
        "model": "electric srt series id=1002/1014 \u003c=upsa05.2",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": "electric smt series id=1015 \u003c=ups",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "04.5"
      },
      {
        "model": "electric smc series id=1018 \u003c=ups",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "04.2"
      },
      {
        "model": "electric smtl series id=1026 \u003c=ups",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "02.9"
      },
      {
        "model": "electric scl series id=1029 \u003c=ups",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "02.5"
      },
      {
        "model": "electric scl series id=1037 \u003c=ups",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "03.1"
      },
      {
        "model": "electric smx series id=1031 \u003c=ups",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "03.1"
      },
      {
        "model": "electric smt series id=18 \u003c=ups",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "09.8"
      },
      {
        "model": "electric smt series id=1040 \u003c=ups",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "01.2"
      },
      {
        "model": "electric smt series id=1031 \u003c=ups",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "03.1"
      },
      {
        "model": "electric smc series id=1005 \u003c=ups",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "14.1"
      },
      {
        "model": "electric smc series id=1007 \u003c=ups",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "11.0"
      },
      {
        "model": "electric smc series id=1041 \u003c=ups",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "01.1"
      },
      {
        "model": "electric smx series id=20 \u003c=ups",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "10.2"
      },
      {
        "model": "electric smx series id=23 \u003c=ups",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "07.0"
      },
      {
        "model": "electric srt series id=1010/1019/1025 \u003c=ups",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "schneider",
        "version": "08.3"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-18772"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001579"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0715"
      }
    ]
  },
  "cve": "CVE-2022-0715",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2022-0715",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "CNVD-2022-18772",
            "impactScore": 9.5,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-0715",
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.1,
            "baseSeverity": "Critical",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2022-0715",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-0715",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-0715",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2022-18772",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202203-810",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-18772"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001579"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-810"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0715"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior). Schneider Electric Made  APC Smart-UPS Family and  APC SmartConnect Family The product contains an authentication vulnerability.Information is tampered with and denial of service  (DoS) It may be put into a state. Schneider Electric APC Smart-UPS SMC Series, etc. are all products of the French Schneider Electric (Schneider Electric). The Schneider Electric APC Smart-UPS SMC Series is an entry-level UPS for single server, low-power networking, and point-of-sale (POS) devices. Schneider Electric APC Smart-UPS SMT Series is a line interactive power protection for servers, point of sale, routers, switches, hubs and other network equipment. Schneider Electric APC Smart-UPS SRT Series is a high density, true double conversion online power protection",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-0715"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001579"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-18772"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-0715",
        "trust": 3.8
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2022-067-02",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001579",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-18772",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022030912",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-810",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-18772"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001579"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-810"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0715"
      }
    ]
  },
  "id": "VAR-202203-0235",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-18772"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-18772"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:10:53.341000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2022-067-02 Hitachi Software Product Security Information",
        "trust": 0.8,
        "url": "https://www.se.com/ww/en/download/document/SEVD-2022-067-02/"
      },
      {
        "title": "Patch for Authentication Error Vulnerabilities in Multiple Schneider Electric Products",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/325181"
      },
      {
        "title": "Multiple Schneider Electric Product data falsification issues",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=247105"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-18772"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001579"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-810"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-345",
        "trust": 1.0
      },
      {
        "problemtype": "Improper authentication (CWE-287) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001579"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0715"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://www.se.com/ww/en/download/document/sevd-2022-067-02/"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0715"
      },
      {
        "trust": 0.6,
        "url": "https://download.schneider-electric.com/files?p_doc_ref=sevd-2022-067-02"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-0715/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022030912"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-18772"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001579"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-810"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0715"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-18772"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001579"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-810"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0715"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-03-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-18772"
      },
      {
        "date": "2022-04-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-001579"
      },
      {
        "date": "2022-03-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202203-810"
      },
      {
        "date": "2022-03-09T20:15:08.300000",
        "db": "NVD",
        "id": "CVE-2022-0715"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-03-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-18772"
      },
      {
        "date": "2022-04-26T06:03:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-001579"
      },
      {
        "date": "2023-07-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202203-810"
      },
      {
        "date": "2024-11-21T06:39:14.900000",
        "db": "NVD",
        "id": "CVE-2022-0715"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-810"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider\u00a0Electric\u00a0 Made \u00a0APC\u00a0Smart-UPS\u00a0Family\u00a0 and \u00a0APC\u00a0SmartConnect\u00a0Family\u00a0 Product authentication vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-001579"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "data forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-810"
      }
    ],
    "trust": 0.6
  }
}

cnvd-2022-18772

Vulnerability from cnvd

Title

Schneider Electric多款产品身份验证错误漏洞

Description

Schneider Electric APC Smart-UPS SMC Series等都是法国施耐德电气（Schneider Electric）公司的产品。Schneider Electric APC Smart-UPS SMC Series是一款适用于单台服务器、低功耗网络和销售点 (POS) 设备的入门级 UPS。Schneider Electric APC Smart-UPS SMT Series是一款服务器、销售点、路由器、交换机、集线器和其他网络设备的线路交互式电源保护。Schneider Electric APC Smart-UPS SRT Series是一款高密度、真正的双转换在线电源保护。 Schneider Electric多款产品存在身份验证错误漏洞，攻击者可利用该漏洞上传恶意固件，随意修改不间断电源的行为。

Severity

高

Patch Name

Schneider Electric多款产品身份验证错误漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://download.schneider-electric.com/files?p_File_Name=SEVD-2022-067-02_Smart-UPS_Security_Notification_CN.pdf

Reference

https://nvd.nist.gov/vuln/detail/CVE-2022-0715

Impacted products

Name
['Schneider Electric SRT Series ID=1024 <=UPS 01.0', 'Schneider Electric SRT Series ID=1020 <=UPS 10.4', 'Schneider Electric SRT Series ID=1021 <=UPS 12.2', 'Schneider Electric SRT Series ID=1001/1013 <=UPS 05.1', 'Schneider Electric SRT Series ID=1002/1014 <=UPSa05.2', 'Schneider Electric SMT Series ID=1015 <=UPS 04.5', 'Schneider Electric SMC Series ID=1018 <=UPS 04.2', 'Schneider Electric SMTL Series ID=1026 <=UPS 02.9', 'Schneider Electric SCL Series ID=1029 <=UPS 02.5', 'Schneider Electric SCL Series ID=1030 <=UPS 02.5', 'Schneider Electric SCL Series ID=1036 <=UPS 02.5', 'Schneider Electric SCL Series ID=1037 <=UPS 03.1', 'Schneider Electric SMX Series ID=1031 <=UPS 03.1', 'Schneider Electric SMT Series ID=18 <=UPS 09.8', 'Schneider Electric SMT Series ID=1040 <=UPS 01.2', 'Schneider Electric SMT Series ID=1031 <=UPS 03.1', 'Schneider Electric SMC Series ID=1005 <=UPS 14.1', 'Schneider Electric SMC Series ID=1007 <=UPS 11.0', 'Schneider Electric SMC Series ID=1041 <=UPS 01.1', 'Schneider Electric SCL Series ID=1030 <=UPS 02.5', 'Schneider Electric SCL Series ID=1036 <=UPS 02.5', 'Schneider Electric SMX Series ID=20 <=UPS 10.2', 'Schneider Electric SMX Series ID=23 <=UPS 07.0', 'Schneider Electric SRT Series ID=1010/1019/1025 <=UPS 08.3']

Name

['Schneider Electric SRT Series ID=1024 <=UPS 01.0', 'Schneider Electric SRT Series ID=1020 <=UPS 10.4', 'Schneider Electric SRT Series ID=1021 <=UPS 12.2', 'Schneider Electric SRT Series ID=1001/1013 <=UPS 05.1', 'Schneider Electric SRT Series ID=1002/1014 <=UPSa05.2', 'Schneider Electric SMT Series ID=1015 <=UPS 04.5', 'Schneider Electric SMC Series ID=1018 <=UPS 04.2', 'Schneider Electric SMTL Series ID=1026 <=UPS 02.9', 'Schneider Electric SCL Series ID=1029 <=UPS 02.5', 'Schneider Electric SCL Series ID=1030 <=UPS 02.5', 'Schneider Electric SCL Series ID=1036 <=UPS 02.5', 'Schneider Electric SCL Series ID=1037 <=UPS 03.1', 'Schneider Electric SMX Series ID=1031 <=UPS 03.1', 'Schneider Electric SMT Series ID=18 <=UPS 09.8', 'Schneider Electric SMT Series ID=1040 <=UPS 01.2', 'Schneider Electric SMT Series ID=1031 <=UPS 03.1', 'Schneider Electric SMC Series ID=1005 <=UPS 14.1', 'Schneider Electric SMC Series ID=1007 <=UPS 11.0', 'Schneider Electric SMC Series ID=1041 <=UPS 01.1', 'Schneider Electric SCL Series ID=1030 <=UPS 02.5', 'Schneider Electric SCL Series ID=1036 <=UPS 02.5', 'Schneider Electric SMX Series ID=20 <=UPS 10.2', 'Schneider Electric SMX Series ID=23 <=UPS 07.0', 'Schneider Electric SRT Series ID=1010/1019/1025 <=UPS 08.3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-0715"
    }
  },
  "description": "Schneider Electric APC Smart-UPS SMC Series\u7b49\u90fd\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Schneider Electric APC Smart-UPS SMC Series\u662f\u4e00\u6b3e\u9002\u7528\u4e8e\u5355\u53f0\u670d\u52a1\u5668\u3001\u4f4e\u529f\u8017\u7f51\u7edc\u548c\u9500\u552e\u70b9 (POS) \u8bbe\u5907\u7684\u5165\u95e8\u7ea7 UPS\u3002Schneider Electric APC Smart-UPS SMT Series\u662f\u4e00\u6b3e\u670d\u52a1\u5668\u3001\u9500\u552e\u70b9\u3001\u8def\u7531\u5668\u3001\u4ea4\u6362\u673a\u3001\u96c6\u7ebf\u5668\u548c\u5176\u4ed6\u7f51\u7edc\u8bbe\u5907\u7684\u7ebf\u8def\u4ea4\u4e92\u5f0f\u7535\u6e90\u4fdd\u62a4\u3002Schneider Electric APC Smart-UPS SRT Series\u662f\u4e00\u6b3e\u9ad8\u5bc6\u5ea6\u3001 \u771f\u6b63\u7684\u53cc\u8f6c\u6362\u5728\u7ebf\u7535\u6e90\u4fdd\u62a4\u3002\n\nSchneider Electric\u591a\u6b3e\u4ea7\u54c1\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4e0a\u4f20\u6076\u610f\u56fa\u4ef6\uff0c\u968f\u610f\u4fee\u6539\u4e0d\u95f4\u65ad\u7535\u6e90\u7684\u884c\u4e3a\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://download.schneider-electric.com/files?p_File_Name=SEVD-2022-067-02_Smart-UPS_Security_Notification_CN.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-18772",
  "openTime": "2022-03-12",
  "patchDescription": "Schneider Electric APC Smart-UPS SMC Series\u7b49\u90fd\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Schneider Electric APC Smart-UPS SMC Series\u662f\u4e00\u6b3e\u9002\u7528\u4e8e\u5355\u53f0\u670d\u52a1\u5668\u3001\u4f4e\u529f\u8017\u7f51\u7edc\u548c\u9500\u552e\u70b9 (POS) \u8bbe\u5907\u7684\u5165\u95e8\u7ea7 UPS\u3002Schneider Electric APC Smart-UPS SMT Series\u662f\u4e00\u6b3e\u670d\u52a1\u5668\u3001\u9500\u552e\u70b9\u3001\u8def\u7531\u5668\u3001\u4ea4\u6362\u673a\u3001\u96c6\u7ebf\u5668\u548c\u5176\u4ed6\u7f51\u7edc\u8bbe\u5907\u7684\u7ebf\u8def\u4ea4\u4e92\u5f0f\u7535\u6e90\u4fdd\u62a4\u3002Schneider Electric APC Smart-UPS SRT Series\u662f\u4e00\u6b3e\u9ad8\u5bc6\u5ea6\u3001 \u771f\u6b63\u7684\u53cc\u8f6c\u6362\u5728\u7ebf\u7535\u6e90\u4fdd\u62a4\u3002\r\n\r\nSchneider Electric\u591a\u6b3e\u4ea7\u54c1\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4e0a\u4f20\u6076\u610f\u56fa\u4ef6\uff0c\u968f\u610f\u4fee\u6539\u4e0d\u95f4\u65ad\u7535\u6e90\u7684\u884c\u4e3a\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Schneider Electric\u591a\u6b3e\u4ea7\u54c1\u8eab\u4efd\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Schneider Electric SRT Series ID=1024 \u003c=UPS 01.0",
      "Schneider Electric SRT Series ID=1020 \u003c=UPS 10.4",
      "Schneider Electric SRT Series ID=1021 \u003c=UPS 12.2",
      "Schneider Electric SRT Series ID=1001/1013 \u003c=UPS 05.1",
      "Schneider Electric SRT Series ID=1002/1014 \u003c=UPSa05.2",
      "Schneider Electric SMT Series ID=1015 \u003c=UPS 04.5",
      "Schneider Electric SMC Series ID=1018 \u003c=UPS 04.2",
      "Schneider Electric SMTL Series ID=1026 \u003c=UPS 02.9",
      "Schneider Electric SCL Series ID=1029 \u003c=UPS 02.5",
      "Schneider Electric SCL Series ID=1030 \u003c=UPS 02.5",
      "Schneider Electric SCL Series ID=1036 \u003c=UPS 02.5",
      "Schneider Electric SCL Series ID=1037 \u003c=UPS 03.1",
      "Schneider Electric SMX Series ID=1031 \u003c=UPS 03.1",
      "Schneider Electric SMT Series ID=18 \u003c=UPS 09.8",
      "Schneider Electric SMT Series ID=1040 \u003c=UPS 01.2",
      "Schneider Electric SMT Series ID=1031 \u003c=UPS 03.1",
      "Schneider Electric SMC Series ID=1005 \u003c=UPS 14.1",
      "Schneider Electric SMC Series ID=1007 \u003c=UPS 11.0",
      "Schneider Electric SMC Series ID=1041 \u003c=UPS 01.1",
      "Schneider Electric SCL Series ID=1030 \u003c=UPS 02.5",
      "Schneider Electric SCL Series ID=1036 \u003c=UPS 02.5",
      "Schneider Electric SMX Series ID=20 \u003c=UPS 10.2",
      "Schneider Electric SMX Series ID=23 \u003c=UPS 07.0",
      "Schneider Electric SRT Series ID=1010/1019/1025 \u003c=UPS 08.3"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-0715",
  "serverity": "\u9ad8",
  "submitTime": "2022-03-10",
  "title": "Schneider Electric\u591a\u6b3e\u4ea7\u54c1\u8eab\u4efd\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

gsd-2022-0715

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2022-0715

Aliases

CVE-2022-0715

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-0715",
    "description": "A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)",
    "id": "GSD-2022-0715"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-0715"
      ],
      "details": "A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)",
      "id": "GSD-2022-0715",
      "modified": "2023-12-13T01:19:11.737674Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cybersecurity@schneider-electric.com",
        "ID": "CVE-2022-0715",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "APC Smart-UPS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "SMT Series "
                        },
                        {
                          "version_value": "SMC Series "
                        },
                        {
                          "version_value": "SCL Series "
                        },
                        {
                          "version_value": "SMX Series "
                        },
                        {
                          "version_value": "SRT Series "
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SmartConnect ",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "SMT Series "
                        },
                        {
                          "version_value": "SMC Series"
                        },
                        {
                          "version_value": "SMTL Series"
                        },
                        {
                          "version_value": "SCL Series"
                        },
                        {
                          "version_value": "SMX Series"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Schneider Electric"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-287 Improper Authentication"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.se.com/ww/en/download/document/SEVD-2022-067-02/",
            "refsource": "MISC",
            "url": "https://www.se.com/ww/en/download/document/SEVD-2022-067-02/"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:smt_series_1015_ups_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "04.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:smt_series_1015_ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:smc_series_1018_ups_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "04.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:smc_series_1018_ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:smtl_series_1026_ups_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "02.9",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:smtl_series_1026_ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:scl_series_1029_ups_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "02.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:scl_series_1029_ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:scl_series_1030_ups_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "02.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:scl_series_1030_ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:scl_series_1036_ups_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "02.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:scl_series_1036_ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:scl_series_1037_ups_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "03.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:scl_series_1037_ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:smx_series_1031_ups_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "03.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:smx_series_1031_ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:smt_series_18_ups_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "09.8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:smt_series_18_ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:smt_series_1040_ups_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:smt_series_1040_ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:smt_series_1031_ups_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "03.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:smt_series_1031_ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:smc_series_1005_ups_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "14.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:smc_series_1005_ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:smc_series_1007_ups_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "11.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:smc_series_1007_ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:smc_series_1041_ups_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:smc_series_1041_ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:scl_series_1030_ups_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "02.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:scl_series_1030_ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:scl_series_1036_ups_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "02.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:scl_series_1036_ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:smx_series_20_ups_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:smx_series_20_ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:smx_series_23_ups_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "07.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:smx_series_23_ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:srt_series_1010_ups_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "08.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:srt_series_1010_ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:srt_series_1019_ups_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "08.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:srt_series_1019_ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:srt_series_1025_ups_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "08.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:srt_series_1025_ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:srt_series_1020_ups_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:srt_series_1020_ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:srt_series_1021_ups_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "12.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:srt_series_1021_ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:srt_series_1001_ups_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "05.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:srt_series_1001_ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:srt_series_1013_ups_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "05.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:srt_series_1013_ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:srt_series_1002_ups_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "a05.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:srt_series_1002_ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:srt_series_1014_ups_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "a05.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:srt_series_1014_ups:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:srtl1000rmxli_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:srtl1000rmxli:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:srtl1000rmxli-nc_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:srtl1000rmxli-nc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:srtl1500rmxli-nc_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:srtl1500rmxli-nc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:srtl1500rmxli_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:srtl1500rmxli:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:srtl2200rmxli_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:srtl2200rmxli:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:srtl2200rmxli-nc_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:srtl2200rmxli-nc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:srtl3000rmxli-nc_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:srtl3000rmxli-nc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:schneider-electric:srtl3000rmxli_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:schneider-electric:srtl3000rmxli:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2022-0715"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-345"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.se.com/ww/en/download/document/SEVD-2022-067-02/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.se.com/ww/en/download/document/SEVD-2022-067-02/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2023-07-21T17:12Z",
      "publishedDate": "2022-03-09T20:15Z"
    }
  }
}

fkie_cve-2022-0715

Vulnerability from fkie_nvd

Published

2022-03-09 20:15

Modified

2024-11-21 06:39

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Summary

References

	URL	Tags
	cybersecurity@se.com	https://www.se.com/ww/en/download/document/SEVD-2022-067-02/	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.se.com/ww/en/download/document/SEVD-2022-067-02/	Vendor Advisory

Impacted products

Vendor	Product	Version
schneider-electric	smt_series_1015_ups_firmware	*
schneider-electric	smt_series_1015_ups	-
schneider-electric	smc_series_1018_ups_firmware	*
schneider-electric	smc_series_1018_ups	-
schneider-electric	smtl_series_1026_ups_firmware	*
schneider-electric	smtl_series_1026_ups	-
schneider-electric	scl_series_1029_ups_firmware	*
schneider-electric	scl_series_1029_ups	-
schneider-electric	scl_series_1030_ups_firmware	*
schneider-electric	scl_series_1030_ups	-
schneider-electric	scl_series_1036_ups_firmware	*
schneider-electric	scl_series_1036_ups	-
schneider-electric	scl_series_1037_ups_firmware	*
schneider-electric	scl_series_1037_ups	-
schneider-electric	smx_series_1031_ups_firmware	*
schneider-electric	smx_series_1031_ups	-
schneider-electric	smt_series_18_ups_firmware	*
schneider-electric	smt_series_18_ups	-
schneider-electric	smt_series_1040_ups_firmware	*
schneider-electric	smt_series_1040_ups	-
schneider-electric	smt_series_1031_ups_firmware	*
schneider-electric	smt_series_1031_ups	-
schneider-electric	smc_series_1005_ups_firmware	*
schneider-electric	smc_series_1005_ups	-
schneider-electric	smc_series_1007_ups_firmware	*
schneider-electric	smc_series_1007_ups	-
schneider-electric	smc_series_1041_ups_firmware	*
schneider-electric	smc_series_1041_ups	-
schneider-electric	scl_series_1030_ups_firmware	*
schneider-electric	scl_series_1030_ups	-
schneider-electric	scl_series_1036_ups_firmware	*
schneider-electric	scl_series_1036_ups	-
schneider-electric	smx_series_20_ups_firmware	*
schneider-electric	smx_series_20_ups	-
schneider-electric	smx_series_23_ups_firmware	*
schneider-electric	smx_series_23_ups	-
schneider-electric	srt_series_1010_ups_firmware	*
schneider-electric	srt_series_1010_ups	-
schneider-electric	srt_series_1019_ups_firmware	*
schneider-electric	srt_series_1019_ups	-
schneider-electric	srt_series_1025_ups_firmware	*
schneider-electric	srt_series_1025_ups	-
schneider-electric	srt_series_1020_ups_firmware	*
schneider-electric	srt_series_1020_ups	-
schneider-electric	srt_series_1021_ups_firmware	*
schneider-electric	srt_series_1021_ups	-
schneider-electric	srt_series_1001_ups_firmware	*
schneider-electric	srt_series_1001_ups	-
schneider-electric	srt_series_1013_ups_firmware	*
schneider-electric	srt_series_1013_ups	-
schneider-electric	srt_series_1002_ups_firmware	*
schneider-electric	srt_series_1002_ups	-
schneider-electric	srt_series_1014_ups_firmware	*
schneider-electric	srt_series_1014_ups	-
schneider-electric	srtl1000rmxli_firmware	*
schneider-electric	srtl1000rmxli	-
schneider-electric	srtl1000rmxli-nc_firmware	*
schneider-electric	srtl1000rmxli-nc	-
schneider-electric	srtl1500rmxli-nc_firmware	*
schneider-electric	srtl1500rmxli-nc	-
schneider-electric	srtl1500rmxli_firmware	*
schneider-electric	srtl1500rmxli	-
schneider-electric	srtl2200rmxli_firmware	*
schneider-electric	srtl2200rmxli	-
schneider-electric	srtl2200rmxli-nc_firmware	*
schneider-electric	srtl2200rmxli-nc	-
schneider-electric	srtl3000rmxli-nc_firmware	*
schneider-electric	srtl3000rmxli-nc	-
schneider-electric	srtl3000rmxli_firmware	*
schneider-electric	srtl3000rmxli	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:smt_series_1015_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C3EA55B-DB09-4124-A9D9-A92431C38D1F",
              "versionEndIncluding": "04.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:smt_series_1015_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95C1E3D9-606B-4C57-A4E7-0A45C9D46332",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:smc_series_1018_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFE2D844-ED18-44D3-9E75-4BB3082E4B51",
              "versionEndIncluding": "04.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:smc_series_1018_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "154E788E-173C-4D16-A492-B61D39D420EF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:smtl_series_1026_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE693F05-B0A7-452D-94C6-D36E37ACF6CB",
              "versionEndIncluding": "02.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:smtl_series_1026_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B138EB4-6264-4BFA-B4C7-4B23FFA676B1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:scl_series_1029_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2E0803A-637E-4BBA-B9D5-AB59EE122844",
              "versionEndIncluding": "02.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:scl_series_1029_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4175BEC7-DA4D-4E19-A642-A5FC13D3598E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:scl_series_1030_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "469F9813-DE0E-4752-91EB-FECC001C6825",
              "versionEndIncluding": "02.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:scl_series_1030_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8DC43CB-66C0-469B-AF87-0120D6280584",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:scl_series_1036_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "22E4C951-876D-46F7-8CF4-D943464E8338",
              "versionEndIncluding": "02.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:scl_series_1036_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FB7E0EB-AF6D-4107-B343-50309E9DF03E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:scl_series_1037_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E52A522-88D4-4B6A-83B4-C56C093C7F54",
              "versionEndIncluding": "03.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:scl_series_1037_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "04C627CE-E3F8-4E3F-8B93-07C92AA21296",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:smx_series_1031_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6251AE4E-FFED-4B0C-A90B-A3BD852A2ED8",
              "versionEndIncluding": "03.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:smx_series_1031_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1E7040-8123-483C-AE62-F190D83D0ADC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:smt_series_18_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9B1431D-822C-47DF-8643-7D5E778A43AD",
              "versionEndIncluding": "09.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:smt_series_18_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E1F03F0-11F1-437A-8FD8-A3C8186D02DE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:smt_series_1040_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "660A5F99-3370-48C9-A3C8-A54FFAC9BEE6",
              "versionEndIncluding": "01.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:smt_series_1040_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "848020CF-D33A-4196-BB0C-ECD1D43372D7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:smt_series_1031_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE801653-57F9-4C13-8D23-91D5F22FD2C9",
              "versionEndIncluding": "03.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:smt_series_1031_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1467655-7784-4287-8C32-3F522A49411D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:smc_series_1005_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B5D15FE-D25F-4827-99C2-2B15DA5726F3",
              "versionEndIncluding": "14.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:smc_series_1005_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26B5EC8E-4FF9-4ED0-AB70-B5F6DBA72632",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:smc_series_1007_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4929654C-D91D-4228-807B-F9DAC9D8C931",
              "versionEndIncluding": "11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:smc_series_1007_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2761A47B-326E-4CD0-96D6-12796992769D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:smc_series_1041_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "428CBB13-0227-4557-8A22-DE8165949D3B",
              "versionEndIncluding": "01.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:smc_series_1041_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FEFAD29-12AD-454B-BAFC-4C17A1D1E8E1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:scl_series_1030_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "469F9813-DE0E-4752-91EB-FECC001C6825",
              "versionEndIncluding": "02.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:scl_series_1030_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8DC43CB-66C0-469B-AF87-0120D6280584",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:scl_series_1036_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "22E4C951-876D-46F7-8CF4-D943464E8338",
              "versionEndIncluding": "02.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:scl_series_1036_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FB7E0EB-AF6D-4107-B343-50309E9DF03E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:smx_series_20_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "49A9A0AA-9E54-426D-B3DF-A896119DCFCB",
              "versionEndIncluding": "10.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:smx_series_20_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9869EFE8-DED1-40D9-8BD6-003E0507995F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:smx_series_23_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD04C6BF-A05F-41DC-9DB8-6ECBEF570FA3",
              "versionEndIncluding": "07.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:smx_series_23_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A58B76AA-7DFC-4F6C-B6E6-4B19746788B3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:srt_series_1010_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6717F4F6-F033-48CB-A4BA-6E19DAD98FE5",
              "versionEndIncluding": "08.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:srt_series_1010_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "83769E66-3290-4559-AD5A-C65BE83B27A1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:srt_series_1019_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A45A70DF-4794-4E45-B134-EB8435AC5FB8",
              "versionEndIncluding": "08.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:srt_series_1019_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "09A53A75-F08A-47E9-A3CF-691EE7B475B7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:srt_series_1025_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B73BB6AE-8CC4-465F-9C48-B125D0C25F59",
              "versionEndIncluding": "08.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:srt_series_1025_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D883C4EF-0530-4E8B-8C83-57B452219687",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:srt_series_1020_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC69A97E-D632-42FE-A217-572EB966085A",
              "versionEndIncluding": "10.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:srt_series_1020_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "94F049E9-F1D2-4006-9C9A-5DA9C7229087",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:srt_series_1021_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF0C5ED3-2100-48C1-AC5A-E6285487815D",
              "versionEndIncluding": "12.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:srt_series_1021_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEC3AD24-6B13-4A44-A58C-9189BCF480D4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:srt_series_1001_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D4D6B50-3B1A-47EF-9055-2887128F0224",
              "versionEndIncluding": "05.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:srt_series_1001_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB599BB4-82F4-4E97-BEF5-0ECC587F0A68",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:srt_series_1013_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4B35543-73E5-4EDD-9018-3BE90A5B99C5",
              "versionEndIncluding": "05.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:srt_series_1013_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "833DCA70-FCBA-4C58-80EE-DEFFD0F661EF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:srt_series_1002_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "318BBEA4-EAF2-499A-8E89-39EC58781BA6",
              "versionEndIncluding": "a05.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:srt_series_1002_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "20C49E94-8D0A-4202-A433-6787BF8E4B68",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:srt_series_1014_ups_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "043062A8-6D85-46CD-934F-82BF075B8D53",
              "versionEndIncluding": "a05.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:srt_series_1014_ups:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B55E3932-EBCF-44CA-930D-F254EFF5FC68",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:srtl1000rmxli_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A9B5DEA-467F-4C36-854A-F7A5967F0BD1",
              "versionEndIncluding": "01.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:srtl1000rmxli:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5165586B-64EF-4E2C-B496-2E82A61113A4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:srtl1000rmxli-nc_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD635E09-A358-422A-9BD0-2B177D98E3EE",
              "versionEndIncluding": "01.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:srtl1000rmxli-nc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "13699C09-1AB8-4C43-9621-295413A974FF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:srtl1500rmxli-nc_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A5732D4-6BBD-41CA-8D24-84F2FC1412AC",
              "versionEndIncluding": "01.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:srtl1500rmxli-nc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "773C3D26-4C71-440E-8CCA-85478C59B247",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:srtl1500rmxli_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECDE919A-70ED-411B-9AAA-12C8B9EB1785",
              "versionEndIncluding": "01.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:srtl1500rmxli:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C418AEA1-3C77-4969-9651-9995F7DE99EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:srtl2200rmxli_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40D232F8-B3F7-4CCF-9E08-6EA63AD7596C",
              "versionEndIncluding": "01.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:srtl2200rmxli:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7883EDB6-5A6D-4CDF-A467-A46E522B3B22",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:srtl2200rmxli-nc_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB73EFDD-0994-4553-9075-5EB390816B31",
              "versionEndIncluding": "01.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:srtl2200rmxli-nc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "54F5A2E5-DA9A-412E-A5FF-9EA97A8A2D9F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:srtl3000rmxli-nc_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66BFDC2B-B658-4782-AB42-14978BFD2ECC",
              "versionEndIncluding": "01.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:srtl3000rmxli-nc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FE692C1-4995-430A-896E-BDD68325BD16",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:schneider-electric:srtl3000rmxli_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83E06F71-7148-4B01-913C-5D92AA36C499",
              "versionEndIncluding": "01.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:schneider-electric:srtl3000rmxli:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "42A83199-87D4-4DD2-854F-2EDBD09509C4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)"
    },
    {
      "lang": "es",
      "value": "Una CWE-287: Se presenta una vulnerabilidad de autenticaci\u00f3n inapropiada que podr\u00eda causar que un atacante cambie arbitrariamente el comportamiento del SAI cuando es filtrada una clave y es usada para cargar firmware malicioso. Producto afectado: Familia de Smart-UPS de APC: Serie SMT (SMT Series ID=18: UPS versiones 09.8 y anteriores / SMT Series ID=1040: UPS versiones 01.2 y anteriores / SMT Series ID=1031: UPS versiones 03.1 y anteriores), SMC Series (SMC Series ID=1005: UPS versiones 14.1 y anteriores / SMC Series ID=1007: UPS versiones 11.0 y anteriores / SMC Series ID=1041: UPS versiones 01.1 y anteriores), SCL Series (SCL Series ID=1030: UPS versiones 02.5 y anteriores / SCL Series ID=1036: UPS versiones 02.5 y anteriores), SMX Series (SMX Series ID=20: UPS versiones 10.2 y anteriores / SMX Series ID=23: UPS versiones 07.0 y anteriores), SRT Series (SRT Series ID=1010/1019/1025: UPS versiones 08.3 y anteriores / SRT Series ID=1024: UPS versiones 01.0 y anteriores / SRT Series ID=1020: UPS versiones 10.4 y anteriores / SRT Series ID=1021: UPS versiones 12.2 y anteriores / SRT Series ID=1001/1013: UPS versiones 05.1 y anteriores / SRT Series ID=1002/1014: UPS versiones a05.2 y anteriores), Familia SmartConnect de APC: Serie SMT (Serie SMT ID=1015: UPS versiones 04.5 y anteriores), Serie SMC (Serie SMC ID=1018: UPS versiones 04.2 y anteriores), Serie SMTL (Serie SMTL ID=1026: UPS versiones 02.9 y anteriores), Serie SCL (Serie SCL ID=1029: UPS versiones 02.5 y anteriores / SCL Series ID=1030: UPS versiones 02.5 y anteriores / SCL Series ID=1036: UPS versiones 02.5 y anteriores / SCL Series ID=1037: UPS versiones 03.1 y anteriores), SMX Series (SMX Series ID=1031: UPS versiones 03.1 y anteriores)"
    }
  ],
  "id": "CVE-2022-0715",
  "lastModified": "2024-11-21T06:39:14.900",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-03-09T20:15:08.300",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2022-067-02/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.se.com/ww/en/download/document/SEVD-2022-067-02/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-345"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-fxwp-hqgp-45qg

Vulnerability from github

Published

2022-03-10 00:00

Modified

2022-03-19 00:01

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-0715"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-345"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-09T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)",
  "id": "GHSA-fxwp-hqgp-45qg",
  "modified": "2022-03-19T00:01:37Z",
  "published": "2022-03-10T00:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0715"
    },
    {
      "type": "WEB",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02"
    },
    {
      "type": "WEB",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2022-067-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-0715 (GCVE-0-2022-0715)

Vulnerability from cvelistv5

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from variot

Vulnerability from cnvd

Vulnerability from gsd

Vulnerability from fkie_nvd

Vulnerability from github

Tags

Sightings

Nomenclature