SoylentNews is people

posted by FatPhil on Tuesday March 15 2022, @10:22PM
from the exploding-UPSs-are-fun dept.

APC UPS zero-day bugs can remotely burn out devices, disable power:

A set of three critical zero-day vulnerabilities now tracked as TLStorm could let hackers take control of uninterruptible power supply (UPS) devices from APC, a subsidiary of Schneider Electric.

[...] Two of the vulnerabilities, CVE-2022-22805 and CVE-2022-22806, are in the implementation of the TLS (Transport Layer Security) protocol that connects the Smart-UPS devices with the "SmartConnect" feature to the Schneider Electric management cloud.

The third one, identified as CVE-2022-0715, relates to the firmware of "almost all APC Smart-UPS devices," which is not cryptographically signed and its authenticity cannot be verified when installed on the system.

While the firmware is encrypted (symmetric), it lacks a cryptographic signature, allowing threat actors to create a malicious version of it and deliver it as an update to target UPS devices to achieve remote code execution (RCE).

Armis researchers were able to exploit the flaw and build a malicious APC firmware version that was accepted by Smart-UPS devices as an official update, a process that is performed differently depending on the target [...]

[...] The researchers' report explains the technical aspects for all three TLStorm vulnerabilities and provides a set of recommendations to secure UPS devices:

  1. Install the patches available on the Schneider Electric website
  2. If you are using the NMC, change the default NMC password ("apc") and install a publicly-signed SSL certificate so that an attacker on your network will not be able to intercept the new password. To further limit the attack surface of your NMC, refer to the Schneider Electric Security Handbook for NMC 2 and NMC 3.
  3. Deploy access control lists (ACLs) in which the UPS devices are only allowed to communicate with a small set of management devices and the Schneider Electric Cloud via encrypted communications.

Armis has also published a technical white paper with all the details of the research.
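Recommendation 3 above can be checked against real traffic. The following is an added example, not code from Armis, Schneider Electric or the article: it audits flow records and flags any UPS conversation with a peer outside the allow-list or on a non-TLS port. The subnet, management hosts, cloud range, port set and log format are all assumptions, and every address is a constructed sample value.

```python
import ipaddress

# Assumed policy; all addresses are constructed (RFC 1918 / RFC 5737 ranges).
UPS_NET = ipaddress.ip_network("10.20.30.0/24")        # segment holding the UPS devices
MGMT_HOSTS = {ipaddress.ip_address("10.20.1.10"),      # permitted management stations
              ipaddress.ip_address("10.20.1.11")}
CLOUD_NETS = [ipaddress.ip_network("203.0.113.0/28")]  # placeholder for the vendor cloud range
ENCRYPTED_PORTS = {443}                                # assumed: TLS is the only allowed service

# Constructed flow records, one per line: "src dst dst_port proto"
SAMPLE_FLOWS = """\
10.20.30.5 203.0.113.4 443 tcp
10.20.30.5 10.20.1.10 443 tcp
10.20.30.7 10.20.1.10 80 tcp
10.20.30.7 198.51.100.9 443 tcp
10.20.1.10 10.20.30.5 443 tcp
10.20.5.44 10.20.30.7 443 tcp
10.20.5.44 10.20.1.10 22 tcp
"""

def allowed_peer(addr):
    """True if addr is a management station or inside the cloud range."""
    return addr in MGMT_HOSTS or any(addr in net for net in CLOUD_NETS)

def audit_flows(text):
    """Return (line_no, reason, raw_line) for each flow that violates the policy."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            src_s, dst_s, port_s, _proto = line.split()
            src, dst = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
            port = int(port_s)
        except ValueError:
            findings.append((n, "unparseable record", line))
            continue
        if src not in UPS_NET and dst not in UPS_NET:
            continue                      # flow does not involve a UPS
        peer = dst if src in UPS_NET else src
        if not allowed_peer(peer):        # also catches UPS-to-UPS traffic
            findings.append((n, "peer not on allow-list", line))
        elif port not in ENCRYPTED_PORTS:
            findings.append((n, "non-encrypted port", line))
    return findings

if __name__ == "__main__":
    for n, reason, raw in audit_flows(SAMPLE_FLOWS):
        print(f"line {n}: {reason}: {raw}")
```
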


This discussion has been archived. No new comments can be posted.
  • (Score: 1, Informative) by Anonymous Coward on Wednesday March 16 2022, @01:19AM

    Yup. Also, don't connect anything to your internal network that will connect to the outside world and can't be properly audited. Invitation for an attacker to use a poorly maintained IoT gadget as a beachhead behind your firewall.

    And once again, "The Cloud" is just somebody else's computers, people you have no reason to trust, either that they aren't themselves a hostile actor, but also that they can properly defend their own network. Even if these UPS boxes were themselves, initially, "secure", you have no assurance that the cloud won't get 0wned and used to load infected firmware in the devices you have stupidly placed all over the inside of your network. Be realistic, are you really going to build an entirely isolated VLAN for all the UPS boxes and other cruft like "smart" lights, Alexa, etc.? You might want to, but eventually management will balk at the expense and labor.
