CVE-2022-22806:
CVE-2022-22806 describes a CWE-294 Authentication Bypass by Capture-replay vulnerability in Schneider Electric SmartConnect UPS management interfaces, which could allow an unauthenticated connection to the UPS when a malformed connection is sent. The affected products cover the SmartConnect family across SMT Series (UPS 04.5 and prior), SMC Series (UPS 04.2 and prior), SMTL Series (UPS 02.9 and prior), SCL Series (UPS 02.5 and prior / 03.1 prior), and SMX Series (UPS 03.1 and prior).
Score
9.8 Critical
- Published Date: Mar 9, 2022
- CISA KEV Date: *No Data*
- Industries Affected: 20
Threat Predictions
- EPSS Score: 0.2
- EPSS Percentile: 45%
Exploitability
- Score: 3.9
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Scope: UNCHANGED
Impact
- Score: 5.9
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH
Overview
Schneider Electric SmartConnect UPS devices are vulnerable to an authentication bypass through capture-replay, potentially allowing attackers to connect to the UPS management interface without valid credentials. The affected products span the SMT, SMC, SMTL, SCL, and SMX series of SmartConnect devices, including various firmware/series IDs and prior versions as listed in the advisory. This highlights a risk of unauthorized access to UPS configuration and status information via malformed protocol interactions, underscoring the importance of applying vendor-provided patches and implementing network-level mitigations.
Remediation
- Update to the latest firmware or software patch released by Schneider Electric that addresses CVE-2022-22806, as documented in SEVD-2022-067-02. Apply the vendor remediation and verify that the affected SMT, SMC, SMTL, SCL, and SMX series devices are updated to a non-vulnerable version.
- If an immediate firmware upgrade is not available for certain devices, implement mitigations: restrict access to UPS management interfaces to trusted networks only, place devices behind strong network segmentation or a management VPN, and disable or harden any unauthenticated management protocols or legacy access paths.
- Enforce strong authentication and credential hygiene on management interfaces after patching; rotate credentials as appropriate and ensure access is audited.
- Validate remediation by testing that the vulnerability cannot be triggered (e.g., verify that crafted connections do not bypass authentication) and review logs for any suspicious attempts. Plan and execute a follow-up verification after the update.
- Maintain an inventory of affected devices, track firmware levels, and monitor Schneider Electric advisories for any further CVE-family updates or hotfixes.