CVE-2022-22806

Published: Mar 9, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)

Affected (8)

Products: Schneider Electric: Smt Series 1015 Ups Firmware, Smc Series 1018 Ups Firmware, Smtl Series 1026 Ups Firmware, Scl Series 1029 Ups Firmware, Scl Series 1030 Ups Firmware, Scl Series 1036 Ups Firmware, Scl Series 1037 Ups Firmware, Smx Series 1031 Ups Firmware

Schneider Electric

8 products

Smt Series 1015 Ups Firmware

Smc Series 1018 Ups Firmware

Smtl Series 1026 Ups Firmware

Scl Series 1029 Ups Firmware

Scl Series 1030 Ups Firmware

Scl Series 1036 Ups Firmware

Scl Series 1037 Ups Firmware

Smx Series 1031 Ups Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Smt Series 1015 Ups Firmware	Up to 04.5

Running on/with	Platform Versions
Schneider Electric Smt Series 1015 Ups	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Smc Series 1018 Ups Firmware	Up to 04.2

Running on/with	Platform Versions
Schneider Electric Smc Series 1018 Ups	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Smtl Series 1026 Ups Firmware	Up to 02.9

Running on/with	Platform Versions
Schneider Electric Smtl Series 1026 Ups	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Scl Series 1029 Ups Firmware	Up to 02.5

Running on/with	Platform Versions
Schneider Electric Scl Series 1029 Ups	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Scl Series 1030 Ups Firmware	Up to 02.5

Running on/with	Platform Versions
Schneider Electric Scl Series 1030 Ups	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Scl Series 1036 Ups Firmware	Up to 02.5

Running on/with	Platform Versions
Schneider Electric Scl Series 1036 Ups	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Scl Series 1037 Ups Firmware	Up to 03.1

Running on/with	Platform Versions
Schneider Electric Scl Series 1037 Ups	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Schneider Electric Smx Series 1031 Ups Firmware	Up to 03.1

Running on/with	Platform Versions
Schneider Electric Smx Series 1031 Ups	All versions

Related CWEs

CWE-294

Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

References (2)

https://www.se.com/ww/en/download/document/SEVD-2022-067-02/

Source: cybersecurity@se.com

Vendor Advisory

https://www.se.com/ww/en/download/document/SEVD-2022-067-02/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.