Friday, April 19, 2024

Critical Vulnerabilities In APC Smart-UPS Devices Let Attackers Remotely Manipulate The Power

The cybersecurity firm Armis has recently discovered three critical vulnerabilities in Smart-UPS devices made by APC, a subsidiary of Schneider Electric.

An APC Smart-UPS device is a type of backup battery that provides backup power to IT assets within a network. The three severe vulnerabilities that were discovered could allow an attacker to take over Smart-UPS devices remotely and carry out extreme attacks targeting both physical devices and IT assets.

The vulnerabilities were dubbed TLStorm. By exploiting these critical flaws, an attacker can:

  • Execute code remotely.
  • Replace the firmware.
  • Potentially burn out the entire unit.

The devices affected by the vulnerabilities uncovered in the recent APC security re-assessment are widespread and are used in a variety of areas, such as:

  • Government
  • Healthcare
  • Industrial
  • IT
  • Retail
  • OT/ICS environments
  • Residences
  • Server rooms
  • Energy suppliers


The three critical vulnerabilities that were detected are listed below:

  • CVE ID: CVE-2022-22806
  • Summary: TLS authentication bypass
  • Description: A state confusion in the TLS handshake leads to authentication bypass, leading to remote code execution (RCE) using a network firmware upgrade.
  • Severity: Critical

  • CVE ID: CVE-2022-22805
  • Summary: TLS buffer overflow
  • Description: A memory corruption bug in packet reassembly (RCE).
  • Severity: Critical

  • CVE ID: CVE-2022-0715
  • Summary: RCE
  • Description: Unsigned firmware upgrade that can be updated over the network (RCE).
  • Severity: Critical

Affected Products

The following products are affected:

  • Smart-UPS SMT and SMC Series
  • SmartConnect SMT and SMC Series
  • Smart-UPS SCL, SMX, and SRT Series
  • SmartConnect SMTL, SCL, and SMX Series

Risk Aspect

Armis has claimed that these critical vulnerabilities were detected in APC's SmartConnect and Smart-UPS families of products, and that they leave the devices exposed to several attacks.

CVE-2022-22805 and CVE-2022-22806 were found in the implementation of TLS, the protocol that creates the link between Smart-UPS devices and SmartConnect, a cloud management feature of Schneider Electric.

CVE-2022-0715, the third flaw, relates to the firmware of almost all APC Smart-UPS devices: the firmware upgrade is unsigned and can be applied over the network.
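The two TLS bug classes named above, handshake state confusion and a reassembly overflow, are both closed off by a handshake reassembler that bounds every copy and fails closed on any out-of-order message. The C code below is an added example, not APC's, Schneider Electric's or Armis's code; the two-message handshake model, the 512-byte buffer and all `hs_*` names are assumptions, and cryptographic verification of the messages is omitted.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define REASM_CAP 512u  /* assumed reassembly buffer size for this example */

typedef enum { HS_EXPECT_HELLO, HS_EXPECT_FINISHED, HS_AUTHENTICATED, HS_FAILED } hs_state;

typedef struct {
    hs_state state;
    uint8_t  buf[REASM_CAP];
    size_t   have;   /* bytes collected so far, 4-byte header included */
    size_t   need;   /* total message size; 0 until the header is complete */
} hs_ctx;

static void hs_fail(hs_ctx *c) {   /* fail closed: wipe everything, never resume */
    memset(c, 0, sizeof *c);
    c->state = HS_FAILED;
}

void hs_init(hs_ctx *c) { memset(c, 0, sizeof *c); c->state = HS_EXPECT_HELLO; }

/* Feed one fragment of a handshake message (type:1, length:3, body).
   Returns 1 when a full message is accepted, 0 when more data is needed,
   -1 on any violation, after which the context stays dead. */
int hs_feed(hs_ctx *c, const uint8_t *frag, size_t len) {
    if (c->state == HS_FAILED || c->state == HS_AUTHENTICATED) { hs_fail(c); return -1; }
    if (len > REASM_CAP - c->have) { hs_fail(c); return -1; }   /* bound checked before the copy */
    memcpy(c->buf + c->have, frag, len);
    c->have += len;
    if (c->need == 0 && c->have >= 4) {
        size_t body = ((size_t)c->buf[1] << 16) | ((size_t)c->buf[2] << 8) | c->buf[3];
        if (body > REASM_CAP - 4) { hs_fail(c); return -1; }    /* declared length is untrusted */
        c->need = 4 + body;
    }
    if (c->need == 0 || c->have < c->need) return 0;
    if (c->have > c->need) { hs_fail(c); return -1; }           /* trailing bytes rejected in this model */
    uint8_t type = c->buf[0];
    if (c->state == HS_EXPECT_HELLO && type == 1) c->state = HS_EXPECT_FINISHED;         /* ClientHello */
    else if (c->state == HS_EXPECT_FINISHED && type == 20) c->state = HS_AUTHENTICATED;  /* Finished */
    else { hs_fail(c); return -1; }                             /* out-of-order message */
    c->have = c->need = 0;
    return 1;
}

int main(void) {
    hs_ctx c; hs_init(&c);
    const uint8_t fin[] = {20, 0, 0, 0};           /* constructed: Finished sent first */
    return hs_feed(&c, fin, 4) == -1 ? 0 : 1;      /* must be refused */
}
```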

Security Recommendations

The cybersecurity analysts at Armis have recommended a few security mitigations:

  • From the Schneider Electric website, immediately install all the available patches.
  • Locate all remote devices and control and safety system networks behind firewalls, and isolate them.
  • Never connect any programming software to an unknown network.
  • Do not allow mobile devices that have connected to any other network.
  • Make sure that all the control system devices and systems are not accessible from the Internet.
  • Make sure to deploy access control lists (ACLs) in which the UPS devices are only allowed to communicate.
  • Always use VPNs whenever remote access is required.
