APC Smart-UPS Devices Are Vulnerable to Remote Hijacking

The APC Smart-UPS devices are found to be flawed in certain aspects, putting all such devices at risk of cyberattacks in various offices where they are installed.

This comes from Armis researchers, who detailed TLStorm – a bunch of three vulnerabilities in APC Smart-UPS systems. They warned that threat actors can exploit them to control the Smart-UPS remotely, and function it accordingly. Patches for this issue were issued by APC, so it’s highly recommended to apply if you’re a user of them.

Zero-Click Bugs in APC Smart-UPS Devices

An uninterrupted power supply (UPS) is a much-needed device if you want your PC to keep working even after a power cut. Critical infrastructure like data centers and medical equipment are supposed to run all the time, thus should be set up with a UPS for emergency backup.

APC Smart-UPS Devices Are Vulnerable to Remote Hijacking

And APC has grown it’s name well in this field, by making quality UPS devices for all forms of business in governmental healthcare, industrial, IT, and retail sectors. But, researchers at Armis have spotted three critical vulnerabilities in APC’s Smart-UPS devices, which are of zero-click, which means, needs no interaction from the targeted users to be exploited.

Researchers said two (CVE-2022-22805 and CVE-2022-22806) of the three bugs are related to improper TLS connections, while the other (CVE-2022-0715) is a firmware bug. All these three are collectively known as TLStorm.

They further explained that they’re able to intercept the connection between Smart-UPS’ SmartConnect to Schneider Electric management cloud, a setup that’s useful for managing them remotely for functions like pushing new features and other necessary updates remotely.

And like them, any threat actor intercepting the connections can push a maliciously crafted firmware update and hijack the Smart-UPS systems remotely. They noted the operation as;

  • The latest Smart-UPS devices featuring the SmartConnect cloud connection functionality can be upgraded from the cloud management console over the Internet
  • Older Smart-UPS devices which use the Network Management Card (NMC) can be updated over the local network
  • Most Smart-UPS devices can also be upgraded using a USB drive

Armis researchers have detailed this in a white paper, where APC has listed mitigation measures and fixes to secure the Smart-UPS devices. Here are they;

  1. Install the patches available on the Schneider Electric website.
  2. If you are using the NMC, change the default NMC password (“apc”) and install a publicly-signed SSL certificate so that an attacker on your network will not be able to intercept the new password. To further limit the attack surface of your NMC, refer to the Schneider Electric Security Handbook for NMC 2 and NMC 3.
  3. Deploy access control lists (ACLs) in which the UPS devices are only allowed to communicate with a small set of managed devices and the Schneider Electric Cloud via encrypted communications.

Other Trending News:-  News


Please enter your comment!
Please enter your name here