C’mon Man, Now My APC UPS Is A Security Risk?

Source: The Register

Time To Give That SmartUPS A Lobotomy

Congratulations on making it to Thursday; your reward is apparently three critical vulnerabilities which make 10 Smart-UPS models a possible infiltration point into your network. Two of the three vulnerabilities involve how the UPS handles TLS, with both a buffer overflow and an authentication bypass revealed; the former allows the execution of code and the latter sets you up for the third vulnerability.

The third one allows an authenticated user to remotely install any firmware they feel like, as the APC UPS doesn’t check to see if the file is signed, or even compatible. All three vulnerabilities can be exploited over your network, no physical access required. Schneider Electric lists the affected models and how to track down patches here (warning: this link downloads a zip file containing two PDFs). That seems to be the best way forward, as there does not seem to be a way to disable SmartConnect’s predilection to automatically establish a TLS connection to Schneider’s cloud when it first starts up, or if the cloud connection is temporarily lost.
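The third issue is the missing signature and compatibility check on uploaded firmware. As an added illustration, not code from APC, Schneider Electric or Armis, this is what the accepting side of an update should do before flashing anything: verify a vendor signature over the whole image, then confirm the image was built for this model. The image layout, the `SMT-X` model name and the payload are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed image layout, an assumption and not APC's real format:
//   model(8 bytes, NUL padded) | version(4 bytes BE) | payload | Ed25519 signature(64)
const hdrLen = 12
// BuildImage signs header+payload with the vendor's private key at build time; the device holds only the public key.
func BuildImage(model string, version uint32, payload []byte, priv ed25519.PrivateKey) []byte {
	hdr := make([]byte, hdrLen)
	copy(hdr[:8], model)
	binary.BigEndian.PutUint32(hdr[8:], version)
	body := append(hdr, payload...)
	return append(body, ed25519.Sign(priv, body)...)
}

// VerifyImage is the hardened acceptance path: an unsigned or tampered image, or one
// built for a different model, is refused before any byte of it is flashed.
func VerifyImage(img []byte, pub ed25519.PublicKey, deviceModel string) (uint32, []byte, error) {
	if len(img) < hdrLen+ed25519.SignatureSize {
		return 0, nil, errors.New("image too short to carry a signature")
	}
	split := len(img) - ed25519.SignatureSize
	body, sig := img[:split], img[split:]
	if !ed25519.Verify(pub, body, sig) { // authenticity first, parsing second
		return 0, nil, errors.New("signature verification failed")
	}
	model := string(bytes.TrimRight(body[:8], "\x00"))
	if model != deviceModel {
		return 0, nil, fmt.Errorf("image is for %q, this device is %q", model, deviceModel)
	}
	return binary.BigEndian.Uint32(body[8:hdrLen]), body[hdrLen:], nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader means crypto/rand
	img := BuildImage("SMT-X", 3, []byte("constructed payload"), priv)
	_, _, err := VerifyImage(img, pub, "SMT-X")
	fmt.Println("genuine image accepted:", err == nil)
	img[hdrLen] ^= 0xff // flip one payload byte, as a tampered image would
	_, _, err = VerifyImage(img, pub, "SMT-X")
	fmt.Println("tampered image rejected:", err != nil)
}
```

The order matters: the signature is checked over the raw bytes before any field is parsed, so a malformed header never reaches the parser unless it was signed by the vendor key.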

The vulnerabilities, dubbed TLStorm, were found in Schneider Electric's APC Smart-UPS products by security firm Armis, which made the info public on Tuesday.

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.
