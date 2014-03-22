from the exploding-UPSs-are-fun dept.
APC UPS zero-day bugs can remotely burn out devices, disable power:
A set of three critical zero-day vulnerabilities now tracked as TLStorm could let hackers take control of uninterruptible power supply (UPS) devices from APC, a subsidiary of Schneider Electric.
[...] Two of the vulnerabilities, CVE-2022-22805 and CVE-2022-22806 are in the implementation of the TLS (Transport Layer Security) protocol that connects the Smart-UPS devices with the "SmartConnect" feature to the Schneider Electric management cloud.
The third one, identified as CVE-2022-0715, relates to the firmware of "almost all APC Smart-UPS devices," which is not cryptographically signed and its authenticity cannot be verified when installed on the system.
While the firmware is encrypted (symmetric), it lacks a cryptographic signature, allowing threat actors to create a malicious version of it and deliver it as an update to target UPS devices to achieve remote code execution (RCE).
Armis researchers were able to exploit the flaw and build a malicious APC firmware version that was accepted by Smart-UPS devices as an official update, a process that is performed differently depending on the target [...]
[...] The researchers' report explains the technical aspects for all three TLStorm vulnerabilities and provides a set of recommendations to secure UPS devices:
- Install the patches available on the Schneider Electric website
- If you are using the NMC, change the default NMC password ("apc") and install a publicly-signed SSL certificate so that an attacker on your network will not be able to intercept the new password. To further limit the attack surface of your NMC, refer to the Schneider Electric Security Handbook for NMC 2 and NMC 3.
- Deploy access control lists (ACLs) in which the UPS devices are only allowed to communicate with a small set of management devices and the Schneider Electric Cloud via encrypted communications.
Armis has also published technical white paper with all the details of the research.
I miss the days of Smart people and Dumb machines...