CVE-2022-22806 — CRITICAL (9.8)

Q: How severe is CVE-2022-22806?

CVE-2022-22806 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2022-22806?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Smt Series 1015 Ups Firmware, Schneider-Electric Smt Series 1015 Ups, Schneider-Electric Smc Series 1018 Ups Firmware, Schneider-Electric Smc Series 1018 Ups, Schneider-Electric Smtl Series 1026 Ups Firmware.

Vulnerability Description

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Schneider-Electric	Smt Series 1015 Ups Firmware	<= 04.5
Schneider-Electric	Smt Series 1015 Ups	-
Schneider-Electric	Smc Series 1018 Ups Firmware	<= 04.2
Schneider-Electric	Smc Series 1018 Ups	-
Schneider-Electric	Smtl Series 1026 Ups Firmware	<= 02.9
Schneider-Electric	Smtl Series 1026 Ups	-
Schneider-Electric	Scl Series 1029 Ups Firmware	<= 02.5
Schneider-Electric	Scl Series 1029 Ups	-
Schneider-Electric	Scl Series 1030 Ups Firmware	<= 02.5
Schneider-Electric	Scl Series 1030 Ups	-
Schneider-Electric	Scl Series 1036 Ups Firmware	<= 02.5
Schneider-Electric	Scl Series 1036 Ups	-
Schneider-Electric	Scl Series 1037 Ups Firmware	<= 03.1
Schneider-Electric	Scl Series 1037 Ups	-
Schneider-Electric	Smx Series 1031 Ups Firmware	<= 03.1
Schneider-Electric	Smx Series 1031 Ups	-

Related Weaknesses (CWE)

CWE-294

References

https://www.se.com/ww/en/download/document/SEVD-2022-067-02/Vendor Advisory
https://www.se.com/ww/en/download/document/SEVD-2022-067-02/Vendor Advisory

FAQ

What is CVE-2022-22806?

CVE-2022-22806 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Fa...

How severe is CVE-2022-22806?

CVE-2022-22806 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-22806?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Smt Series 1015 Ups Firmware, Schneider-Electric Smt Series 1015 Ups, Schneider-Electric Smc Series 1018 Ups Firmware, Schneider-Electric Smc Series 1018 Ups, Schneider-Electric Smtl Series 1026 Ups Firmware.