CVE-2022-22806

09.03.2022, 20:15

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
schneider	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 56%

Vendor	Product	Version
schneider-electric	smt_series_1015_ups_firmware	𝑥 ≤ 04.5
schneider-electric	smc_series_1018_ups_firmware	𝑥 ≤ 04.2
schneider-electric	smtl_series_1026_ups_firmware	𝑥 ≤ 02.9
schneider-electric	scl_series_1029_ups_firmware	𝑥 ≤ 02.5
schneider-electric	scl_series_1030_ups_firmware	𝑥 ≤ 02.5
schneider-electric	scl_series_1036_ups_firmware	𝑥 ≤ 02.5
schneider-electric	scl_series_1037_ups_firmware	𝑥 ≤ 03.1
schneider-electric	smx_series_1031_ups_firmware	𝑥 ≤ 03.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-294 - Authentication Bypass by Capture-replay
A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

References

https://www.se.com/ww/en/download/document/SEVD-2022-067-02/