CVE-2022-0715
📋 TL;DR
CVE-2022-0715 is an improper authentication vulnerability in APC Smart-UPS and SmartConnect UPS devices. An attacker who obtains a leaked key can upload malicious firmware, potentially causing arbitrary behavior changes or disruption. Affected devices are specific APC UPS models in the SMT, SMC, SCL, SMX, and SRT series, as well as SmartConnect variants, running firmware versions prior to those listed in the advisory.
💻 Affected Systems
- APC Smart-UPS Family: SMT Series, SMC Series, SCL Series, SMX Series, SRT Series
- APC SmartConnect Family: SMT Series, SMC Series, SMTL Series, SCL Series, SMX Series
📦 What is this software?
SCL Series 1029 UPS Firmware by Schneider Electric
SCL Series 1030 UPS Firmware by Schneider Electric
SCL Series 1036 UPS Firmware by Schneider Electric
SCL Series 1037 UPS Firmware by Schneider Electric
SMC Series 1005 UPS Firmware by Schneider Electric
SMC Series 1007 UPS Firmware by Schneider Electric
SMC Series 1018 UPS Firmware by Schneider Electric
SMC Series 1041 UPS Firmware by Schneider Electric
SMT Series 1015 UPS Firmware by Schneider Electric
SMT Series 1031 UPS Firmware by Schneider Electric
SMT Series 1040 UPS Firmware by Schneider Electric
SMT Series 18 UPS Firmware by Schneider Electric
SMTL Series 1026 UPS Firmware by Schneider Electric
SMX Series 1031 UPS Firmware by Schneider Electric
SMX Series 20 UPS Firmware by Schneider Electric
SMX Series 23 UPS Firmware by Schneider Electric
SRT Series 1001 UPS Firmware by Schneider Electric
SRT Series 1002 UPS Firmware by Schneider Electric
SRT Series 1010 UPS Firmware by Schneider Electric
SRT Series 1013 UPS Firmware by Schneider Electric
SRT Series 1014 UPS Firmware by Schneider Electric
SRT Series 1019 UPS Firmware by Schneider Electric
SRT Series 1020 UPS Firmware by Schneider Electric
SRT Series 1021 UPS Firmware by Schneider Electric
SRT Series 1025 UPS Firmware by Schneider Electric
SRTL1000RMXLI Firmware by Schneider Electric
SRTL1000RMXLI NC Firmware by Schneider Electric
SRTL1500RMXLI Firmware by Schneider Electric
SRTL1500RMXLI NC Firmware by Schneider Electric
SRTL2200RMXLI Firmware by Schneider Electric
SRTL2200RMXLI NC Firmware by Schneider Electric
SRTL3000RMXLI Firmware by Schneider Electric
SRTL3000RMXLI NC Firmware by Schneider Electric
⚠️ Risk & Real-World Impact
Worst Case
An attacker could upload malicious firmware to compromise the UPS, leading to complete device failure, data loss from attached systems, or physical damage to connected equipment.
Likely Case
Attackers may exploit leaked keys to disrupt UPS operations, causing power outages or instability for critical infrastructure, though this requires access to the key.
If Mitigated
With proper key management and network segmentation, the risk is minimal, because exploitation depends on both key leakage and network access.
🎯 Exploit Status
Exploitation requires a leaked key to upload firmware, making it dependent on key access rather than technical complexity; no public proof-of-concept has been disclosed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to the vendor advisory for the patched firmware version for each product series; update to a version later than the affected versions listed there.
Vendor Advisory: https://www.se.com/ww/en/download/document/SEVD-2022-067-02/
Restart Required: Yes
Instructions:
1. Identify your APC UPS model and series ID.
2. Check the vendor advisory for the patched firmware version.
3. Download the firmware update from the official Schneider Electric website.
4. Follow the vendor's instructions to upload and apply the firmware update to the UPS device.
5. Restart the UPS as required to complete the update.
🔧 Temporary Workarounds
Restrict Network Access
Limit network access to UPS devices to trusted internal networks only, reducing exposure to potential attackers.
Secure Key Management
Ensure UPS keys are stored securely, rotated regularly, and access is restricted to authorized personnel to prevent leakage.
🧯 If You Can't Patch
- Isolate UPS devices on a segmented network with strict firewall rules to block unauthorized access.
- Monitor network traffic to and from UPS devices for unusual upload attempts or key usage anomalies.
🔍 How to Verify
Check if Vulnerable:
Check the firmware version on your APC UPS device via its management interface or CLI; compare with the affected versions listed in the vendor advisory.
Check Version:
Use the UPS management software or web interface; specific commands vary by model, but generally, access the device settings to view firmware details.
Verify Fix Applied:
After updating, verify the firmware version has been upgraded to a patched version as specified in the advisory, and test UPS functionality for stability.
📡 Detection & Monitoring
Log Indicators:
- Log entries showing unauthorized firmware upload attempts or key usage from unexpected sources.
Network Indicators:
- Unusual network traffic to UPS management ports, especially firmware upload packets from untrusted IPs.
SIEM Query:
Example: 'source_ip: [UPS_IP] AND (event_type: firmware_upload OR protocol: HTTP/HTTPS to UPS_port)'
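The network indicators and the monitoring step under "If You Can't Patch" can be turned into a simple triage over flow records. The following is an added example, not part of the vendor advisory or any vendor tooling; the UPS addresses, the trusted management subnet, the CSV flow format and the upload-size threshold are all assumptions constructed for illustration.

```python
import ipaddress

# All values below are constructed for illustration (assumptions, not from the advisory).
UPS_HOSTS = {ipaddress.ip_address("10.20.0.11"), ipaddress.ip_address("10.20.0.12")}
TRUSTED_MGMT = [ipaddress.ip_network("10.99.0.0/28")]  # admin jump hosts
UPLOAD_BYTES = 256 * 1024  # assumed threshold for a firmware-sized inbound transfer

# Constructed flow records: src, dst, dst_port, bytes sent to dst
SAMPLE_FLOWS = """\
10.99.0.5,10.20.0.11,443,1800
10.30.4.77,10.20.0.11,443,2100
10.99.0.5,10.20.0.12,443,912000
203.0.113.9,10.20.0.12,80,640000
10.30.4.77,10.50.1.1,443,5000
"""

def parse_flows(text):
    """Yield (src, dst, port, bytes) tuples from the CSV flow export."""
    for line in text.strip().splitlines():
        src, dst, port, nbytes = line.split(",")
        yield (ipaddress.ip_address(src), ipaddress.ip_address(dst),
               int(port), int(nbytes))

def triage(flows):
    """Classify traffic sent to UPS devices by source trust and transfer size."""
    findings = []
    for src, dst, port, nbytes in flows:
        if dst not in UPS_HOSTS:
            continue  # not a UPS, out of scope
        trusted = any(src in net for net in TRUSTED_MGMT)
        large = nbytes >= UPLOAD_BYTES
        if not trusted and large:
            severity = "critical"  # upload-sized transfer from outside management subnet
        elif not trusted:
            severity = "high"      # segmentation gap: untrusted host reached the UPS
        elif large:
            severity = "review"    # trusted upload: match against a change ticket
        else:
            continue               # routine management traffic
        findings.append((severity, str(src), str(dst), port, nbytes))
    return findings

if __name__ == "__main__":
    for finding in triage(parse_flows(SAMPLE_FLOWS)):
        print(finding)
```

A "review" finding is expected during a planned firmware update; outside a change window it deserves the same attention as the other two severities.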