Headline
CVE-2022-22806: Security Notification - APC Smart-UPS SMT, SMC, SMX, SCL, SMTL, SRT, and select SRTL Series | Schneider Electric
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)
May 2022 Update: Added SRC & XU series to affected products section (page 2) and added SmartConnect family SMTL, SCL, and SMX Series in the available remediations section (page 5).
Reference
:
SEVD-2022-067-02
Date
:
06/05/2022
Type
:
Security and Safety Notice
Languages :
English
Latest Version :
3.0
Files
Size
SEVD-2022-067-02_APC_Smart-UPS_CSAF (.json)
51.5 kb
action_download_stroke
SEVD-2022-067-02_Smart-UPS_Security_Notification_V3.0 (.pdf)
283.1 kb
action_download_stroke
Download (.zip)
Add to my Documents
Unlock additional features****Please log in or register to see additional features
Log in / Register