A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID18: UPS 09.8 and prior / SMT Series ID1040: UPS 01.2 and prior / SMT Series ID1031: UPS 03.1 and prior), SMC Series (SMC Series ID1005: UPS 14.1 and prior / SMC Series ID1007: UPS 11.0 and prior / SMC Series ID1041: UPS 01.1 and prior), SCL Series (SCL Series ID1030: UPS 02.5 and prior / SCL Series ID1036: UPS 02.5 and prior), SMX Series (SMX Series ID20: UPS 10.2 and prior / SMX Series ID23: UPS 07.0 and prior), SRT Series (SRT Series ID1010/1019/1025: UPS 08.3 and prior / SRT Series ID1024: UPS 01.0 and prior / SRT Series ID1020: UPS 10.4 and prior / SRT Series ID1021: UPS 12.2 and prior / SRT Series ID1001/1013: UPS 05.1 and prior / SRT Series ID1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID1015: UPS 04.5 and prior), SMC Series (SMC Series ID1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID1026: UPS 02.9 and prior), SCL Series (SCL Series ID1029: UPS 02.5 and prior / SCL Series ID1030: UPS 02.5 and prior / SCL Series ID1036: UPS 02.5 and prior / SCL Series ID1037: UPS 03.1 and prior), SMX Series (SMX Series ID1031: UPS 03.1 and prior)
Publication date: Thu, 10 Mar 2022 02:15:00 +0000