The cybersecurity firm Armis has recently discovered three critical vulnerabilities in Smart-UPS devices made by APC, a subsidiary of Schneider Electric.
An APC Smart-UPS device is a type of backup battery that provides backup power to IT assets within a network. However, the three severe vulnerabilities that were discovered could allow an attacker to take over Smart-UPS devices remotely and carry out extreme attacks targeting both physical devices and IT assets.
The vulnerabilities were dubbed TLStorm, and by exploiting the detected critical flaws, an attacker can perform:-
The devices affected by the vulnerabilities uncovered in the recent APC security re-assessment are widespread and used in a variety of areas such as:-
Three critical vulnerabilities were detected, all of which are listed below:-
All the affected products are listed below:-
Armis has claimed that these critical vulnerabilities were detected in APC's SmartConnect and Smart-UPS families of products, and that they would leave the devices exposed to several attacks.
CVE-2022-22805 and CVE-2022-22806 were found in the implementation of TLS, the protocol that creates the link between Smart-UPS devices and SmartConnect, a cloud management feature of Schneider Electric.
CVE-2022-0715 is the third one. It relates to the firmware of almost all APC Smart-UPS devices: firmware upgrades are unsigned and can be applied over the network.
The cybersecurity analysts at the Armis security firm have recommended a few security mitigations:-