A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HSchneider Electric Scl Series 1029 Ups
HWSchneider-Electricwszystkie wersjeSchneider Electric Scl Series 1029 Ups Firmware
OSSchneider-Electric≤ 02.5Schneider Electric Scl Series 1030 Ups
HWSchneider-Electricwszystkie wersjeSchneider Electric Scl Series 1030 Ups Firmware
OSSchneider-Electric≤ 02.5Schneider Electric Scl Series 1036 Ups
HWSchneider-Electricwszystkie wersjeSchneider Electric Scl Series 1036 Ups Firmware
OSSchneider-Electric≤ 02.5Schneider Electric Scl Series 1037 Ups
HWSchneider-Electricwszystkie wersjeSchneider Electric Scl Series 1037 Ups Firmware
OSSchneider-Electric≤ 03.1Schneider Electric Smc Series 1005 Ups
HWSchneider-Electricwszystkie wersjeSchneider Electric Smc Series 1005 Ups Firmware
OSSchneider-Electric≤ 14.1Schneider Electric Smc Series 1007 Ups
HWSchneider-Electricwszystkie wersjeSchneider Electric Smc Series 1007 Ups Firmware
OSSchneider-Electric≤ 11.0Schneider Electric Smc Series 1018 Ups
HWSchneider-Electricwszystkie wersjeSchneider Electric Smc Series 1018 Ups Firmware
OSSchneider-Electric≤ 04.2Schneider Electric Smc Series 1041 Ups
HWSchneider-Electricwszystkie wersjeSchneider Electric Smc Series 1041 Ups Firmware
OSSchneider-Electric≤ 01.1Schneider Electric Smtl Series 1026 Ups
HWSchneider-Electricwszystkie wersjeSchneider Electric Smtl Series 1026 Ups Firmware
OSSchneider-Electric≤ 02.9Schneider Electric Smt Series 1015 Ups
HWSchneider-Electricwszystkie wersjeSchneider Electric Smt Series 1015 Ups Firmware
OSSchneider-Electric≤ 04.5Schneider Electric Smt Series 1031 Ups
HWSchneider-Electricwszystkie wersjeSchneider Electric Smt Series 1031 Ups Firmware
OSSchneider-Electric≤ 03.1Schneider Electric Smt Series 1040 Ups
HWSchneider-Electricwszystkie wersjeSchneider Electric Smt Series 1040 Ups Firmware
OSSchneider-Electric≤ 01.2Schneider Electric Smt Series 18 Ups
HWSchneider-Electricwszystkie wersjeSchneider Electric Smt Series 18 Ups Firmware
OSSchneider-Electric≤ 09.8Schneider Electric Smx Series 1031 Ups
HWSchneider-Electricwszystkie wersjeSchneider Electric Smx Series 1031 Ups Firmware
OSSchneider-Electric≤ 03.1Schneider Electric Smx Series 20 Ups
HWSchneider-Electricwszystkie wersjeSchneider Electric Smx Series 20 Ups Firmware
OSSchneider-Electric≤ 10.2
Related vulnerabilities
A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that co...
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated co...
A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unw...
Brak autoryzacji w Schneider Electric EcoStruxure IT Gateway (CVSS 10.0)
Ujawnienie poświadczeń w urządzeniu Schneider Electric WHC-5918A