PT-2022-1931 · Apc · Apc Smartconnect Family+1
Published
2022-03-09
·
Updated
2024-10-21
·
CVE-2022-0715
CVSS v2.0
9.4
Critical
| Vector | AV:N/AC:L/Au:N/C:N/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
APC Smart-UPS Family: SMT Series versions 09.8 and prior
APC Smart-UPS Family: SMT Series versions 01.2 and prior
APC Smart-UPS Family: SMT Series versions 03.1 and prior
APC Smart-UPS Family: SMC Series versions 14.1 and prior
APC Smart-UPS Family: SMC Series versions 11.0 and prior
APC Smart-UPS Family: SMC Series versions 01.1 and prior
APC Smart-UPS Family: SCL Series versions 02.5 and prior
APC Smart-UPS Family: SMX Series versions 10.2 and prior
APC Smart-UPS Family: SMX Series versions 07.0 and prior
APC Smart-UPS Family: SRT Series versions 08.3 and prior
APC Smart-UPS Family: SRT Series versions 01.0 and prior
APC Smart-UPS Family: SRT Series versions 10.4 and prior
APC Smart-UPS Family: SRT Series versions 12.2 and prior
APC Smart-UPS Family: SRT Series versions 05.1 and prior
APC Smart-UPS Family: SRT Series versions 05.2 and prior
APC SmartConnect Family: SMT Series versions 04.5 and prior
APC SmartConnect Family: SMC Series versions 04.2 and prior
APC SmartConnect Family: SMTL Series versions 02.9 and prior
APC SmartConnect Family: SCL Series versions 02.5 and prior
APC SmartConnect Family: SCL Series versions 03.1 and prior
APC SmartConnect Family: SMX Series versions 03.1 and prior
Description
A vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. The issue is related to improper authentication.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Insufficient Verification of Data Authenticity
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Apc Smart-Ups Family
Apc Smartconnect Family