Categories: cyber security

Critical Vulnerabilities In APC Smart-UPS Devices Let Attackers Remotely Manipulate The Power

The cybersecurity firm, Armis has recently discovered that Schneider Electric’s subsidiary, APC Smart-UPS devices, are vulnerable to attacks, as, in PC Smart-UPS devices, three critical vulnerabilities were detected.

An APC Smart-UPS device is a type of backup battery that provides power back up to IT assets within a network. However, the three severe vulnerabilities that were discovered could allow an attacker to execute extreme attacks targeting both physical devices and IT assets remotely by taking over Smart-UPS devices.

The vulnerabilities were dubbed TLStorm, and by exploiting the detected critical flaws, an attacker can perform:-

  • Remote code execution.
  • Replace firmware.
  • Potentially burn the entire unit.

Vulnerabilities that were uncovered by the recent APC security re-assessment are widespread and used in a variety of areas such as:- 

  • Government
  • Healthcare
  • Industrial
  • IT
  • Retail
  • OT/ICS environments
  • Residences
  • Server rooms
  • Energy suppliers

Vulnerabilities

Three critical vulnerabilities were detected, and here below, we have mentioned them all:-

  • CVE ID: CVE-2022-22806
  • Summary: TLS authentication bypass
  • Description: A state confusion in the TLS handshake leads to authentication bypass, leading to remote code execution (RCE) using a network firmware upgrade.
  • Severity: Critical
  • CVE ID: CVE-2022-22805
  • Summary: TLS buffer overflow
  • Description: A memory corruption bug in packet reassembly (RCE).
  • Severity: Critical
  • CVE ID: CVE-2022-0715
  • Summary: RCE
  • Description: Unsigned firmware upgrade that can be updated over the network (RCE).
  • Severity: Critical

Affected Products

Below we have mentioned all the products that are affected:-

  • Smart-UPS SMT and SMC Series
  • SmartConnect SMT and SMC Series
  • Smart-UPS SCL, SMX, and SRT Series
  • SmartConnect SMTL, SCL, and SMX Series

Risk Aspect

Armis has claimed that these critical vulnerabilities were detected in the SmartConnect and Smart-UPS family of products which of APC would leave the devices exposed to several attacks.

The CVE-2022-22805 and CVE-2022-22806 were found in the implementation of the TLS; it’s a protocol that creates a link between Smart-UPS devices and SmartConnect, a cloud management feature of Schneider Electric.

The CVE-2022-0715 is the third one that is related to the firmware of almost all APC Smart-UPS devices, an unsigned firmware upgrade that can be updated over the network.

Security Recommendations

The cybersecurity analysts at Armis security firm has recommended a few security mitigations:-

  • From the Schneider Electric website, immediately install all the available patches.
  • Locate and isolate all the remote devices, control, and safety system networks that are behind firewalls.
  • Never connect any programming software to an unknown network.
  • Do not allow mobile devices that have connected to any other network.
  • Make sure that all the control system devices and systems are not accessible from the Internet.
  • Make sure to deploy access control lists (ACLs) in which the UPS devices are only allowed to communicate.
  • Always use VPNs whenever remote access is required.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Priya James

Recent Posts

Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges in Organizational Environments

A startling discovery by BeyondTrust researchers has unveiled a critical vulnerability in Microsoft Entra ID…

1 day ago

Threat Actors Exploit Google Apps Script to Host Phishing Sites

The Cofense Phishing Defense Center has uncovered a highly strategic phishing campaign that leverages Google…

1 day ago

Dadsec Hacker Group Uses Tycoon2FA Infrastructure to Steal Office365 Credentials

Cybersecurity researchers from Trustwave’s Threat Intelligence Team have uncovered a large-scale phishing campaign orchestrated by…

1 day ago

Beware: Weaponized AI Tool Installers Infect Devices with Ransomware

Cisco Talos has uncovered a series of malicious threats masquerading as legitimate AI tool installers,…

1 day ago

Pure Crypter Uses Multiple Evasion Methods to Bypass Windows 11 24H2 Security Features

Pure Crypter, a well-known malware-as-a-service (MaaS) loader, has been recognized as a crucial tool for…

1 day ago

Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges

A recent discovery by security researchers at BeyondTrust has revealed a critical, yet by-design, security…

1 day ago