
posted by FatPhil on Tuesday March 15 2022, @10:22PM
from the exploding-UPSs-are-fun dept.

APC UPS zero-day bugs can remotely burn out devices, disable power:

A set of three critical zero-day vulnerabilities now tracked as TLStorm could let hackers take control of uninterruptible power supply (UPS) devices from APC, a subsidiary of Schneider Electric.

[...] Two of the vulnerabilities, CVE-2022-22805 and CVE-2022-22806, are in the implementation of the TLS (Transport Layer Security) protocol that connects Smart-UPS devices with the "SmartConnect" feature to the Schneider Electric management cloud.

The third one, identified as CVE-2022-0715, relates to the firmware of "almost all APC Smart-UPS devices," which is not cryptographically signed, so its authenticity cannot be verified when it is installed on the device.

While the firmware is encrypted with a symmetric key, it lacks a cryptographic signature. Encryption alone does not prove who built an image: a threat actor can create a malicious version of the firmware and deliver it as an update to target UPS devices to achieve remote code execution (RCE).

Armis researchers were able to exploit the flaw and build a malicious APC firmware version that was accepted by Smart-UPS devices as an official update, a process that is performed differently depending on the target [...]
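The distinction the two paragraphs above turn on, "encrypted but not signed", is easy to get wrong, so here is an added illustration (not code from Armis, APC or the article). It models two updaters: one that only decrypts an image with the device-side symmetric key and accepts whatever parses, and one that first verifies a vendor signature with a public key and only then decrypts. The image format, the SHA-256-based stream cipher, the key bytes and the tiny textbook-RSA parameters are all constructed for the demo and are not APC's real scheme; a real signing scheme would use properly sized keys and a padded signature such as RSA-PSS or Ed25519.

```python
"""Toy model of the TLStorm firmware-update weakness: a symmetric key that
every device holds can decrypt an update, but it cannot prove who built it.

Everything here is constructed for illustration: the image layout, the
stream cipher, the RSA parameters and the key bytes are hypothetical and
deliberately tiny. They are not APC's real update scheme.
"""
import hashlib
import struct
import zlib
from typing import Optional

# --- Symmetric layer: the same key is burned into every device, so anyone who
#     dumps one unit's firmware has it. (Constructed key, not a real one.)
DEVICE_KEY = b"shared-across-all-units"

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy counter-mode stream cipher built from SHA-256 (encrypt == decrypt)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        ks = hashlib.sha256(key + struct.pack(">I", offset // 32)).digest()
        chunk = data[offset:offset + 32]
        out += bytes(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)

# --- Hypothetical plaintext image layout: magic | crc32 | payload
MAGIC = b"UPSF"

def build_image(payload: bytes) -> bytes:
    return MAGIC + struct.pack(">I", zlib.crc32(payload) & 0xffffffff) + payload

def parse_image(plain: bytes) -> Optional[bytes]:
    """Return the payload if magic and CRC check out, else None."""
    if len(plain) < 8 or plain[:4] != MAGIC:
        return None
    (crc,) = struct.unpack(">I", plain[4:8])
    payload = plain[8:]
    if zlib.crc32(payload) & 0xffffffff != crc:
        return None
    return payload

# --- Updater A: decrypt, then sanity-check. This is the weakness described above:
#     a CRC proves the image is intact, not that the vendor produced it.
def accept_update_encrypt_only(blob: bytes) -> Optional[bytes]:
    return parse_image(keystream_xor(DEVICE_KEY, blob))

# --- Asymmetric layer: textbook RSA over two small, well-known primes. Toy only.
_P, _Q = 1_000_000_007, 998_244_353
RSA_N = _P * _Q
RSA_E = 65537
_RSA_D = pow(RSA_E, -1, (_P - 1) * (_Q - 1))   # vendor-only secret; never on a device

def _digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % RSA_N

def vendor_sign(ciphertext: bytes) -> bytes:
    """Vendor signs the *encrypted* image so the device verifies before decrypting."""
    return pow(_digest_int(ciphertext), _RSA_D, RSA_N).to_bytes(8, "big")

def verify_signature(ciphertext: bytes, sig: bytes) -> bool:
    return pow(int.from_bytes(sig, "big"), RSA_E, RSA_N) == _digest_int(ciphertext)

# --- Updater B: verify the vendor signature with the public key, then decrypt.
def accept_update_signed(blob: bytes, sig: bytes) -> Optional[bytes]:
    if not verify_signature(blob, sig):
        return None
    return parse_image(keystream_xor(DEVICE_KEY, blob))

# --- Scenario: official image vs. an attacker who has recovered DEVICE_KEY.
def demo() -> dict:
    official_blob = keystream_xor(DEVICE_KEY, build_image(b"official v1.2"))
    official_sig = vendor_sign(official_blob)
    evil_blob = keystream_xor(DEVICE_KEY, build_image(b"backdoored v1.2"))
    forged_sig = hashlib.sha256(evil_blob).digest()[:8]   # attacker has no _RSA_D
    return {
        "encrypt_only_accepts_official": accept_update_encrypt_only(official_blob) == b"official v1.2",
        "encrypt_only_accepts_evil": accept_update_encrypt_only(evil_blob) == b"backdoored v1.2",
        "signed_accepts_official": accept_update_signed(official_blob, official_sig) == b"official v1.2",
        "signed_rejects_forged_sig": accept_update_signed(evil_blob, forged_sig) is None,
        "signed_rejects_replayed_sig": accept_update_signed(evil_blob, official_sig) is None,
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Two design points worth noting. The signature covers the ciphertext, so the device rejects a bad image before it spends any effort decrypting it, and a signature lifted from an official image cannot be re-used on a different payload. And the only secret that matters for authenticity, the vendor's private exponent, never leaves the vendor, which is exactly what a symmetric key present on every unit cannot offer.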

[...] The researchers' report explains the technical aspects of all three TLStorm vulnerabilities and provides a set of recommendations to secure UPS devices:

  1. Install the patches available on the Schneider Electric website
  2. If you are using the NMC, change the default NMC password ("apc") and install a publicly-signed SSL certificate so that an attacker on your network will not be able to intercept the new password. To further limit the attack surface of your NMC, refer to the Schneider Electric Security Handbook for NMC 2 and NMC 3.
  3. Deploy access control lists (ACLs) in which the UPS devices are only allowed to communicate with a small set of management devices and the Schneider Electric Cloud via encrypted communications.

Armis has also published a technical white paper with all the details of the research.


  • (Score: 0) by Anonymous Coward on Wednesday March 16 2022, @04:16AM (#1229548) (2 children)

    Of course it needs to be on the cloud! How else would the vendor lock-in work? /s

    Your vision for UPSes is a bit fancy. Most UPSes on the market implement SNMP or another network protocol already. Personally, I don't want my UPS to run any sort of complex server, especially an HTTPS server that is almost guaranteed to be full of holes. If you want remote management, don't expose your UPS. You'd be better off exposing an interface on your trap/manager that shows the recorded events.

  • (Score: 2) by DannyB (5839) on Wednesday March 16 2022, @04:04PM (#1229678) (1 child)

    I don't want my UPS to run any sort of complex server, especially an HTTPS server that is almost guaranteed to be full of holes.

    The server in a UPS should be so simple that it is obvious by inspection that it isn't full of holes and bugs.

    I therefore nominate: Telnet

    --
    Young people won't believe you if you say you used to get Netflix by US Postal Mail.
    • (Score: 0) by Anonymous Coward on Friday March 18 2022, @12:55AM (#1230091)

      Interactive free-form command parsing? No thanks, too complicated.