UPS flaws allow for remote code execution and remote fire-based interruptions



Security researchers at Armis have detailed a trio of vulnerabilities in so-called Smart-UPS devices sold by Schneider Electric subsidiary APC that allow for unnoticeable remote code execution, replacing of firmware, and potentially burning out the entire unit.

Naturally in 2022, the flaws in the system stem from a combination of bad TLS implementation and being able to be controlled through a cloud-based system in newer devices.

“Since the TLS attack vector can originate from the internet, these vulnerabilities can act as a gateway to the internal corporate network. Bad actors can use the TLS state confusion to identify themselves as the Schneider Electric cloud and collect information about the UPS behind the corporate firewall,” Armis said.

Read more…