APC UPS zero-day bugs can remotely burn out devices, disable power

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Content source
https://www.bleepingcomputer.com/news/security/apc-ups-zero-day-bugs-can-remotely-burn-out-devices-disable-power/
A set of three critical zero-day vulnerabilities now tracked as TLStorm could let hackers take control of uninterruptible power supply (UPS) devices from APC, a subsidiary of Schneider Electric
The flaws affect APC Smart-UPS systems that are popular in a variety of activity sectors, including governmental, healthcare, industrial, IT, and retail.


UPS devices act as emergency power backup solutions and are present in mission-critical environments such as data centers, industrial facilities, hospitals.

TLStorm-VulnSys.jpg
Click to expand...

 
  • Wow
  • Like
  • Thanks
Reactions: Nevi, brambedkar59, [correlate] and 2 others
[correlate]

[correlate]

Level 18
Top Poster
Well-known
May 4, 2019
801
Armis has discovered a set of three critical zero-day vulnerabilities in APC Smart-UPS devices that can allow remote attackers to take over Smart-UPS devices and carry out extreme attacks targeting both physical devices and IT assets. Uninterruptible power supply (UPS) devices provide emergency backup power for mission-critical assets and can be found in data centers, industrial facilities, hospitals and more.

APC is a subsidiary of Schneider Electric, and is one of the leading vendors of UPS devices with over 20 million devices sold worldwide. If exploited, these vulnerabilities, dubbed TLStorm, allow for complete remote take-over of Smart-UPS devices and the ability to carry out extreme cyber-physical attacks. According to Armis data, almost 8 out of 10 companies are exposed to TLStorm vulnerabilities. This blog post provides a high-level overview of this research and its implications.
Click to expand...
www.armis.com

TLStorm

Vulnerabilities discovered in APC Smart-UPS devices can expose organizations to remote attack. Explore Armis research on TLStorm.
www.armis.com www.armis.com
 
  • Like
Reactions: Gandalf_The_Grey, Nevi, brambedkar59 and 1 other person
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • Applause
    • +Reputation
APC warns of critical unauthenticated RCE flaws in UPS software
Replies
0
Views
1,378
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
silversurfer
    • Like
Schneider and Dell integrate UPS, HCI for graceful shutdown
Replies
0
Views
514
News Archive
silversurfer
silversurfer
silversurfer
    • Like
    • Thanks
    • Applause
Critical Bugs Affecting Realtek Wi-Fi Module
Replies
0
Views
1,344
News Archive
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top