Categories: cyber security

Critical Vulnerabilities In APC Smart-UPS Devices Let Attackers Remotely Manipulate The Power

The cybersecurity firm, Armis has recently discovered that Schneider Electric’s subsidiary, APC Smart-UPS devices, are vulnerable to attacks, as, in PC Smart-UPS devices, three critical vulnerabilities were detected.

An APC Smart-UPS device is a type of backup battery that provides power back up to IT assets within a network. However, the three severe vulnerabilities that were discovered could allow an attacker to execute extreme attacks targeting both physical devices and IT assets remotely by taking over Smart-UPS devices.

The vulnerabilities were dubbed TLStorm, and by exploiting the detected critical flaws, an attacker can perform:-

  • Remote code execution.
  • Replace firmware.
  • Potentially burn the entire unit.

Vulnerabilities that were uncovered by the recent APC security re-assessment are widespread and used in a variety of areas such as:- 

  • Government
  • Healthcare
  • Industrial
  • IT
  • Retail
  • OT/ICS environments
  • Residences
  • Server rooms
  • Energy suppliers

Vulnerabilities

Three critical vulnerabilities were detected, and here below, we have mentioned them all:-

  • CVE ID: CVE-2022-22806
  • Summary: TLS authentication bypass
  • Description: A state confusion in the TLS handshake leads to authentication bypass, leading to remote code execution (RCE) using a network firmware upgrade.
  • Severity: Critical
  • CVE ID: CVE-2022-22805
  • Summary: TLS buffer overflow
  • Description: A memory corruption bug in packet reassembly (RCE).
  • Severity: Critical
  • CVE ID: CVE-2022-0715
  • Summary: RCE
  • Description: Unsigned firmware upgrade that can be updated over the network (RCE).
  • Severity: Critical

Affected Products

Below we have mentioned all the products that are affected:-

  • Smart-UPS SMT and SMC Series
  • SmartConnect SMT and SMC Series
  • Smart-UPS SCL, SMX, and SRT Series
  • SmartConnect SMTL, SCL, and SMX Series

Risk Aspect

Armis has claimed that these critical vulnerabilities were detected in the SmartConnect and Smart-UPS family of products which of APC would leave the devices exposed to several attacks.

The CVE-2022-22805 and CVE-2022-22806 were found in the implementation of the TLS; it’s a protocol that creates a link between Smart-UPS devices and SmartConnect, a cloud management feature of Schneider Electric.

The CVE-2022-0715 is the third one that is related to the firmware of almost all APC Smart-UPS devices, an unsigned firmware upgrade that can be updated over the network.

Security Recommendations

The cybersecurity analysts at Armis security firm has recommended a few security mitigations:-

  • From the Schneider Electric website, immediately install all the available patches.
  • Locate and isolate all the remote devices, control, and safety system networks that are behind firewalls.
  • Never connect any programming software to an unknown network.
  • Do not allow mobile devices that have connected to any other network.
  • Make sure that all the control system devices and systems are not accessible from the Internet.
  • Make sure to deploy access control lists (ACLs) in which the UPS devices are only allowed to communicate.
  • Always use VPNs whenever remote access is required.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Priya James

Recent Posts

Ivanti Fully Patched Connect Secure RCE Vulnerability That Actively Exploited in the Wild

April 5, 2025 – Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical…

59 minutes ago

Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware

A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how…

4 hours ago

EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures

EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational…

5 hours ago

PoisonSeed Targets CRM and Bulk Email Providers in New Supply Chain Phishing Attack

A sophisticated phishing campaign, dubbed "PoisonSeed," has been identified targeting customer relationship management (CRM) and…

5 hours ago

Beware! Fake Unpaid Tolls Messages Used in Phishing Attack to Steal Login Credentials

A surge in phishing text messages claiming unpaid tolls has been linked to a massive…

5 hours ago

State Bar of Texas Confirms Data Breach, Begins Notifying Affected Consumers

The State Bar of Texas has confirmed a data breach following the detection of unauthorized…

5 hours ago