9.1
CRITICAL
CVE-2022-0715
APC UPS Firmware Malicious Code Upload Vulnerability
Description

A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)

INFO

Published Date :

March 9, 2022, 8:15 p.m.

Last Modified :

July 21, 2023, 5:12 p.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

5.2

Exploitability Score :

3.9
Affected Products

The following products are affected by CVE-2022-0715 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Schneider-electric smt_series_1015_ups_firmware
2 Schneider-electric smc_series_1018_ups_firmware
3 Schneider-electric smtl_series_1026_ups_firmware
4 Schneider-electric scl_series_1029_ups_firmware
5 Schneider-electric scl_series_1030_ups_firmware
6 Schneider-electric scl_series_1036_ups_firmware
7 Schneider-electric scl_series_1037_ups_firmware
8 Schneider-electric smx_series_1031_ups_firmware
9 Schneider-electric smt_series_18_ups_firmware
10 Schneider-electric smt_series_1040_ups_firmware
11 Schneider-electric smt_series_1031_ups_firmware
12 Schneider-electric smc_series_1005_ups_firmware
13 Schneider-electric smc_series_1007_ups_firmware
14 Schneider-electric smc_series_1041_ups_firmware
15 Schneider-electric smx_series_20_ups_firmware
16 Schneider-electric smx_series_23_ups_firmware
17 Schneider-electric srt_series_1010_ups_firmware
18 Schneider-electric srt_series_1019_ups_firmware
19 Schneider-electric srt_series_1025_ups_firmware
20 Schneider-electric srt_series_1020_ups_firmware
21 Schneider-electric srt_series_1021_ups_firmware
22 Schneider-electric srt_series_1001_ups_firmware
23 Schneider-electric srt_series_1013_ups_firmware
24 Schneider-electric srt_series_1002_ups_firmware
25 Schneider-electric srt_series_1014_ups_firmware
26 Schneider-electric srtl1000rmxli_firmware
27 Schneider-electric srtl1000rmxli-nc_firmware
28 Schneider-electric srtl1500rmxli-nc_firmware
29 Schneider-electric srtl1500rmxli_firmware
30 Schneider-electric srtl2200rmxli_firmware
31 Schneider-electric srtl2200rmxli-nc_firmware
32 Schneider-electric srtl3000rmxli-nc_firmware
33 Schneider-electric srtl3000rmxli_firmware
: Total Affected Vendor : 1 | Products : 33
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2022-0715.

URL Resource
https://www.se.com/ww/en/download/document/SEVD-2022-067-02/ Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2022-0715 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2022-0715 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Reanalysis by [email protected]

    Jul. 21, 2023

    Action Type Old Value New Value
    Removed CWE NIST CWE-287
    Added CWE NIST CWE-345
  • Modified Analysis by [email protected]

    May. 13, 2022

    Action Type Old Value New Value
    Changed Reference Type https://www.se.com/ww/en/download/document/SEVD-2022-067-02/ No Types Assigned https://www.se.com/ww/en/download/document/SEVD-2022-067-02/ Vendor Advisory
    Removed CPE Configuration AND OR *cpe:2.3:o:schneider-electric:srt_series_1024_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) 01.0 OR cpe:2.3:h:schneider-electric:srt_series_1024_ups:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:srtl1000rmxli_firmware:*:*:*:*:*:*:*:* versions up to (including) 01.0 OR cpe:2.3:h:schneider-electric:srtl1000rmxli:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:srtl1000rmxli-nc_firmware:*:*:*:*:*:*:*:* versions up to (including) 01.0 OR cpe:2.3:h:schneider-electric:srtl1000rmxli-nc:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:srtl1500rmxli-nc_firmware:*:*:*:*:*:*:*:* versions up to (including) 01.0 OR cpe:2.3:h:schneider-electric:srtl1500rmxli-nc:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:srtl1500rmxli_firmware:*:*:*:*:*:*:*:* versions up to (including) 01.0 OR cpe:2.3:h:schneider-electric:srtl1500rmxli:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:srtl2200rmxli_firmware:*:*:*:*:*:*:*:* versions up to (including) 01.0 OR cpe:2.3:h:schneider-electric:srtl2200rmxli:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:srtl2200rmxli-nc_firmware:*:*:*:*:*:*:*:* versions up to (including) 01.0 OR cpe:2.3:h:schneider-electric:srtl2200rmxli-nc:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:srtl3000rmxli-nc_firmware:*:*:*:*:*:*:*:* versions up to (including) 01.0 OR cpe:2.3:h:schneider-electric:srtl3000rmxli-nc:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:srtl3000rmxli_firmware:*:*:*:*:*:*:*:* versions up to (including) 01.0 OR cpe:2.3:h:schneider-electric:srtl3000rmxli:-:*:*:*:*:*:*:*
  • CVE Modified by [email protected]

    Apr. 13, 2022

    Action Type Old Value New Value
    Removed Reference https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02 [Vendor Advisory]
    Added Reference https://www.se.com/ww/en/download/document/SEVD-2022-067-02/ [No Types Assigned]
  • Initial Analysis by [email protected]

    Mar. 18, 2022

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:N/AC:L/Au:N/C:N/I:P/A:P)
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
    Changed Reference Type https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02 No Types Assigned https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02 Vendor Advisory
    Added CWE NIST CWE-287
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:smt_series_1015_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) 04.5 OR cpe:2.3:h:schneider-electric:smt_series_1015_ups:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:smc_series_1018_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) 04.2 OR cpe:2.3:h:schneider-electric:smc_series_1018_ups:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:smtl_series_1026_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) 02.9 OR cpe:2.3:h:schneider-electric:smtl_series_1026_ups:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:scl_series_1029_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) 02.5 OR cpe:2.3:h:schneider-electric:scl_series_1029_ups:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:scl_series_1030_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) 02.5 OR cpe:2.3:h:schneider-electric:scl_series_1030_ups:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:scl_series_1036_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) 02.5 OR cpe:2.3:h:schneider-electric:scl_series_1036_ups:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:scl_series_1037_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) 03.1 OR cpe:2.3:h:schneider-electric:scl_series_1037_ups:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:smx_series_1031_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) 03.1 OR cpe:2.3:h:schneider-electric:smx_series_1031_ups:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:smt_series_18_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) 09.8 OR cpe:2.3:h:schneider-electric:smt_series_18_ups:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:smt_series_1040_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) 01.2 OR cpe:2.3:h:schneider-electric:smt_series_1040_ups:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:smt_series_1031_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) 03.1 OR cpe:2.3:h:schneider-electric:smt_series_1031_ups:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:smc_series_1005_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) 14.1 OR cpe:2.3:h:schneider-electric:smc_series_1005_ups:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:smc_series_1007_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) 11.0 OR cpe:2.3:h:schneider-electric:smc_series_1007_ups:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:smc_series_1041_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) 01.1 OR cpe:2.3:h:schneider-electric:smc_series_1041_ups:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:scl_series_1030_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) 02.5 OR cpe:2.3:h:schneider-electric:scl_series_1030_ups:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:scl_series_1036_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) 02.5 OR cpe:2.3:h:schneider-electric:scl_series_1036_ups:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:smx_series_20_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) 10.2 OR cpe:2.3:h:schneider-electric:smx_series_20_ups:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:smx_series_23_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) 07.0 OR cpe:2.3:h:schneider-electric:smx_series_23_ups:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:srt_series_1010_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) 08.3 OR cpe:2.3:h:schneider-electric:srt_series_1010_ups:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:srt_series_1019_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) 08.3 OR cpe:2.3:h:schneider-electric:srt_series_1019_ups:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:srt_series_1025_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) 08.3 OR cpe:2.3:h:schneider-electric:srt_series_1025_ups:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:srt_series_1024_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) 01.0 OR cpe:2.3:h:schneider-electric:srt_series_1024_ups:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:srt_series_1020_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) 10.4 OR cpe:2.3:h:schneider-electric:srt_series_1020_ups:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:srt_series_1021_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) 12.2 OR cpe:2.3:h:schneider-electric:srt_series_1021_ups:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:srt_series_1001_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) 05.1 OR cpe:2.3:h:schneider-electric:srt_series_1001_ups:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:srt_series_1013_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) 05.1 OR cpe:2.3:h:schneider-electric:srt_series_1013_ups:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:srt_series_1002_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) a05.2 OR cpe:2.3:h:schneider-electric:srt_series_1002_ups:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:schneider-electric:srt_series_1014_ups_firmware:*:*:*:*:*:*:*:* versions up to (including) a05.2 OR cpe:2.3:h:schneider-electric:srt_series_1014_ups:-:*:*:*:*:*:*:*
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2022-0715 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2022-0715 weaknesses.

CAPEC-22: Exploiting Trust in Client Exploiting Trust in Client CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data Utilizing REST's Trust in the System Resource to Obtain Sensitive Data CAPEC-94: Adversary in the Middle (AiTM) Adversary in the Middle (AiTM) CAPEC-114: Authentication Abuse Authentication Abuse CAPEC-115: Authentication Bypass Authentication Bypass CAPEC-151: Identity Spoofing Identity Spoofing CAPEC-194: Fake the Source of Data Fake the Source of Data CAPEC-593: Session Hijacking Session Hijacking CAPEC-633: Token Impersonation Token Impersonation CAPEC-650: Upload a Web Shell to a Web Server Upload a Web Shell to a Web Server CAPEC-111: JSON Hijacking (aka JavaScript Hijacking) JSON Hijacking (aka JavaScript Hijacking) CAPEC-141: Cache Poisoning Cache Poisoning CAPEC-142: DNS Cache Poisoning DNS Cache Poisoning CAPEC-148: Content Spoofing Content Spoofing CAPEC-218: Spoofing of UDDI/ebXML Messages Spoofing of UDDI/ebXML Messages CAPEC-384: Application API Message Manipulation via Man-in-the-Middle Application API Message Manipulation via Man-in-the-Middle CAPEC-385: Transaction or Event Tampering via Application API Manipulation Transaction or Event Tampering via Application API Manipulation CAPEC-386: Application API Navigation Remapping Application API Navigation Remapping CAPEC-387: Navigation Remapping To Propagate Malicious Content Navigation Remapping To Propagate Malicious Content CAPEC-388: Application API Button Hijacking Application API Button Hijacking CAPEC-665: Exploitation of Thunderbolt Protection Flaws Exploitation of Thunderbolt Protection Flaws CAPEC-701: Browser in the Middle (BiTM) Browser in the Middle (BiTM)
Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.09 }} 0.00%

score

0.38329

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: