{"containers":{"cna":{"affected":[{"product":"APC Smart-UPS","vendor":"Schneider Electric","versions":[{"status":"affected","version":"SMT Series"},{"status":"affected","version":"SMC Series"},{"status":"affected","version":"SCL Series"},{"status":"affected","version":"SMX Series"},{"status":"affected","version":"SRT Series"}]},{"product":"SmartConnect","vendor":"Schneider Electric","versions":[{"status":"affected","version":"SMT Series"},{"status":"affected","version":"SMC Series"},{"status":"affected","version":"SMTL Series"},{"status":"affected","version":"SCL Series"},{"status":"affected","version":"SMX Series"}]}],"descriptions":[{"lang":"en","value":"A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-287","description":"CWE-287 Improper Authentication","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-03-28T16:25:27.000Z","orgId":"076d1eb6-cfab-4401-b34d-6dfc2a413bdb","shortName":"schneider"},"references":[{"tags":["x_refsource_MISC"],"url":"https://www.se.com/ww/en/download/document/SEVD-2022-067-02/"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cybersecurity@schneider-electric.com","ID":"CVE-2022-0715","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"APC Smart-UPS","version":{"version_data":[{"version_value":"SMT Series"},{"version_value":"SMC Series"},{"version_value":"SCL Series"},{"version_value":"SMX Series"},{"version_value":"SRT Series"}]}},{"product_name":"SmartConnect","version":{"version_data":[{"version_value":"SMT Series"},{"version_value":"SMC Series"},{"version_value":"SMTL Series"},{"version_value":"SCL Series"},{"version_value":"SMX Series"}]}}]},"vendor_name":"Schneider Electric"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)"}]},"generator":{"engine":"Vulnogram 0.0.9"},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-287 Improper Authentication"}]}]},"references":{"reference_data":[{"name":"https://www.se.com/ww/en/download/document/SEVD-2022-067-02/","refsource":"MISC","url":"https://www.se.com/ww/en/download/document/SEVD-2022-067-02/"}]},"source":{"discovery":"UNKNOWN"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T23:40:03.366Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.se.com/ww/en/download/document/SEVD-2022-067-02/"}]}]},"cveMetadata":{"assignerOrgId":"076d1eb6-cfab-4401-b34d-6dfc2a413bdb","assignerShortName":"schneider","cveId":"CVE-2022-0715","datePublished":"2022-03-09T19:30:14.000Z","dateReserved":"2022-02-21T00:00:00.000Z","dateUpdated":"2024-08-02T23:40:03.366Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}