The cybersecurity firm Armis has recently discovered three critical vulnerabilities in the Smart-UPS devices of APC, a Schneider Electric subsidiary, that leave the devices open to attack.
An APC Smart-UPS device is a type of backup battery that provides backup power to IT assets within a network. However, the three severe vulnerabilities that were discovered could allow an attacker to take over Smart-UPS devices remotely and execute extreme attacks targeting both the physical devices and IT assets.
The vulnerabilities were dubbed TLStorm, and by exploiting the detected critical flaws, an attacker can:
- Execute code remotely.
- Replace the firmware.
- Potentially burn the entire unit.
The devices affected by the vulnerabilities uncovered in the recent APC security re-assessment are widespread and used in a variety of areas such as:
- Government
- Healthcare
- Industrial
- IT
- Retail
- OT/ICS environments
- Residences
- Server rooms
- Energy suppliers
Vulnerabilities
Three critical vulnerabilities were detected, and they are listed below:
- CVE ID: CVE-2022-22806
  - Summary: TLS authentication bypass
  - Description: A state confusion in the TLS handshake leads to authentication bypass, leading to remote code execution (RCE) using a network firmware upgrade.
  - Severity: Critical
- CVE ID: CVE-2022-22805
  - Summary: TLS buffer overflow
  - Description: A memory corruption bug in packet reassembly (RCE).
  - Severity: Critical
- CVE ID: CVE-2022-0715
  - Summary: RCE
  - Description: Unsigned firmware upgrade that can be updated over the network (RCE).
  - Severity: Critical
Affected Products
The affected products are listed below:
- Smart-UPS SMT and SMC Series
- SmartConnect SMT and SMC Series
- Smart-UPS SCL, SMX, and SRT Series
- SmartConnect SMTL, SCL, and SMX Series
Risk Aspect
Armis has claimed that these critical vulnerabilities, detected in APC's SmartConnect and Smart-UPS families of products, would leave the devices exposed to several attacks.
CVE-2022-22805 and CVE-2022-22806 were found in the implementation of TLS, the protocol that creates the link between Smart-UPS devices and SmartConnect, a cloud management feature of Schneider Electric.
CVE-2022-0715 is the third one and relates to the firmware of almost all APC Smart-UPS devices: an unsigned firmware upgrade that can be updated over the network.
Security Recommendations
The cybersecurity analysts at the security firm Armis have recommended a few security mitigations:
- Immediately install all the available patches from the Schneider Electric website.
- Locate and isolate all remote devices and control and safety system networks behind firewalls.
- Never connect any programming software to an unknown network.
- Do not allow mobile devices that have connected to any other network.
- Make sure that all the control system devices and systems are not accessible from the Internet.
- Make sure to deploy access control lists (ACLs) in which the UPS devices are only allowed to communicate.
- Always use VPNs whenever remote access is required.
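To check whether the firewall and ACL recommendations above actually hold, the following added example (not code from Armis or Schneider Electric) audits a firewall flow export for permitted traffic between UPS devices and unapproved or Internet peers. The subnet, peer addresses, log format and sample records are all constructed assumptions.

```python
import ipaddress

# Constructed site policy (assumptions, not values from the article).
UPS_NET = ipaddress.ip_network("10.20.30.0/24")   # subnet holding the UPS network cards
INTERNAL = ipaddress.ip_network("10.0.0.0/8")     # anything outside counts as Internet
# Approved peers; add SmartConnect cloud addresses here if that feature is in use.
ALLOWED_PEERS = {ipaddress.ip_address("10.20.0.10"),   # management station
                 ipaddress.ip_address("10.20.0.11")}   # syslog collector

# Constructed firewall flow export: "src dst dst_port action"
SAMPLE_FLOWS = """\
10.20.0.10 10.20.30.5 443 ACCEPT
10.20.30.5 10.20.0.11 514 ACCEPT
10.20.30.7 203.0.113.40 443 ACCEPT
198.51.100.9 10.20.30.5 80 ACCEPT
198.51.100.9 10.20.30.6 80 DROP
10.20.40.8 10.20.30.5 23 ACCEPT
10.1.1.1 10.2.2.2 22 ACCEPT
not a flow record
"""

def classify(peer):
    """Return None for an approved peer, else the kind of policy violation."""
    if peer in ALLOWED_PEERS:
        return None
    return "unapproved-internal-peer" if peer in INTERNAL else "internet-peer"

def audit_flows(text):
    """Return (line_number, finding) for each permitted flow that breaks the policy."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        try:
            src, dst = ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1])
            action = parts[3].upper()
        except (IndexError, ValueError):
            findings.append((no, "unparseable"))   # never skip bad records silently
            continue
        if action != "ACCEPT":
            continue                               # the firewall already blocked it
        if src in UPS_NET:
            direction, reason = "outbound", classify(dst)
        elif dst in UPS_NET:
            direction, reason = "inbound", classify(src)
        else:
            continue                               # flow does not involve a UPS
        if reason:
            findings.append((no, f"{direction}:{reason}"))
    return findings
```

Calling `audit_flows(SAMPLE_FLOWS)` returns the line numbers and findings for the sample records; any finding on a real export means the ACL is looser than the policy it is meant to enforce.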