The cybersecurity firm, Armis has recently discovered that Schneider Electric’s subsidiary, APC Smart-UPS devices, are vulnerable to attacks, as, in PC Smart-UPS devices, three critical vulnerabilities were detected.
An APC Smart-UPS device is a type of backup battery that provides power back up to IT assets within a network. However, the three severe vulnerabilities that were discovered could allow an attacker to execute extreme attacks targeting both physical devices and IT assets remotely by taking over Smart-UPS devices.
The vulnerabilities were dubbed TLStorm, and by exploiting the detected critical flaws, an attacker can perform:-
Vulnerabilities that were uncovered by the recent APC security re-assessment are widespread and used in a variety of areas such as:-
Three critical vulnerabilities were detected, and here below, we have mentioned them all:-
Below we have mentioned all the products that are affected:-
Armis has claimed that these critical vulnerabilities were detected in the SmartConnect and Smart-UPS family of products which of APC would leave the devices exposed to several attacks.
The CVE-2022-22805 and CVE-2022-22806 were found in the implementation of the TLS; it’s a protocol that creates a link between Smart-UPS devices and SmartConnect, a cloud management feature of Schneider Electric.
The CVE-2022-0715 is the third one that is related to the firmware of almost all APC Smart-UPS devices, an unsigned firmware upgrade that can be updated over the network.
The cybersecurity analysts at Armis security firm has recommended a few security mitigations:-
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
Sophos Managed Detection and Response (MDR) in September 2024, the notorious Lumma Stealer malware has…
Cybercriminals have unleashed a new malware campaign using fake AI video generation platforms as a…
The North Korean state-sponsored Advanced Persistent Threat (APT) group Kimsuky, also known as “Black Banshee,”…
The North Korean state-sponsored hacking group APT37, also known as ScarCruft, launched a spear phishing…
IPFire, the powerful open-source firewall, has unveiled its latest release, IPFire 2.29 – Core Update…
Distributed Denial of Service (DDoS) attacks, once seen as crude tools for disruption wielded by…