The cybersecurity firm, Armis has recently discovered that Schneider Electric’s subsidiary, APC Smart-UPS devices, are vulnerable to attacks, as, in PC Smart-UPS devices, three critical vulnerabilities were detected.
An APC Smart-UPS device is a type of backup battery that provides power back up to IT assets within a network. However, the three severe vulnerabilities that were discovered could allow an attacker to execute extreme attacks targeting both physical devices and IT assets remotely by taking over Smart-UPS devices.
The vulnerabilities were dubbed TLStorm, and by exploiting the detected critical flaws, an attacker can perform:-
Vulnerabilities that were uncovered by the recent APC security re-assessment are widespread and used in a variety of areas such as:-
Three critical vulnerabilities were detected, and here below, we have mentioned them all:-
Below we have mentioned all the products that are affected:-
Armis has claimed that these critical vulnerabilities were detected in the SmartConnect and Smart-UPS family of products which of APC would leave the devices exposed to several attacks.
The CVE-2022-22805 and CVE-2022-22806 were found in the implementation of the TLS; it’s a protocol that creates a link between Smart-UPS devices and SmartConnect, a cloud management feature of Schneider Electric.
The CVE-2022-0715 is the third one that is related to the firmware of almost all APC Smart-UPS devices, an unsigned firmware upgrade that can be updated over the network.
The cybersecurity analysts at Armis security firm has recommended a few security mitigations:-
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
LayerX, pioneer of the LayerX Browser Security platform, today announced $24 million in Series A funding led by Glilot+, the…
Hackers use deep fake AI photos to impersonate individuals online, allowing them to deceive, manipulate, or gain unauthorized access to…
Cuttlefish is a new malware platform that has been identified to be active since at least July 2023. This malware…
Multiple vulnerabilities have been discovered in ArubaOS that affect HPE Aruba Networking devices, including Mobility Conductor, Mobility Controllers WLAN Gateways,…
While facilitating remote work, remote desktop software presents security challenges for IT teams due to the use of various tools…
A group of hackers has claimed responsibility for infiltrating several servers belonging to the United Arab Emirates government. The announcement…