Improper Authentication Vulnerability in APC Smart-UPS and SmartConnect Products
CVE-2022-0715
9.1 CRITICAL
Summary
An improper authentication vulnerability exists within specific APC Smart-UPS and SmartConnect models, allowing unauthorized access that may enable attackers to upload malicious firmware. This occurs if sensitive keys are compromised, leading to potentially undesired changes in UPS behavior. Ensuring proper authentication mechanisms are in place is critical, especially for devices managing power supply.
Affected Version(s)
APC Smart-UPS SMT Series
APC Smart-UPS SMC Series
APC Smart-UPS SCL Series
CVSS V3.1
Score: 9.1
Severity: CRITICAL
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved