Armis researchers discovered three critical software flaws in UPS (uninterruptible power supply) devices from APC. Hackers could exploit the zero-day vulnerabilities remotely to burn down the systems. The devices are used in eight out of 10 companies, according to Armis.
Smart UPS systems from APC are a fire hazard due to three critical bugs. The vulnerabilities are found in UPS systems that act as emergency generators and have Internet connectivity. The systems are found mainly in healthcare, industrial, IT and retail environments.
The most critical flaw can give a hacker control of the device. Through hardware settings, the hacker can then cause the systems to burn down.
TLStorm
Two vulnerabilities arose from programming errors in the TLS (Transport Layer Security) connection that links the UPS devices to the server of Schneider Electric, parent company of APC. These bugs explain the nickname TLStorm, which the researchers use to refer to the three zero-day vulnerabilities.
Hackers can exploit the flaws and run external code. The official names of the vulnerabilities are CVE-2022-22805 and CVE-2022-22806.
The third vulnerability, CVE-2022-0715, is the most critical flaw and lies in how encryption is used: the firmware is encrypted but lacks a digital signature. Hackers can exploit that by creating a malicious version and installing it on UPS devices with an update. Because of the flaw, anyone is able to perform firmware updates; authorization is not required.
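Why encryption alone does not authenticate firmware, shown as an added illustration that is not Armis's or APC's code. The AES-GCM shared key, the Ed25519 vendor key and all function names are assumptions and do not reproduce the actual Smart-UPS update format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// seal encrypts an image with AES-GCM under a key shared by all devices (assumed scheme).
func seal(key, image []byte) []byte {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	return gcm.Seal(nonce, nonce, image, nil)
}

// acceptEncryptedOnly decrypts only: success proves knowledge of the shared key, not who built the image.
func acceptEncryptedOnly(key, blob []byte) ([]byte, error) {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	if len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("image too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// acceptSigned checks the vendor's Ed25519 signature over the blob before decrypting anything.
func acceptSigned(vendorPub ed25519.PublicKey, key, blob, sig []byte) ([]byte, error) {
	if !ed25519.Verify(vendorPub, blob, sig) {
		return nil, fmt.Errorf("signature check failed: update rejected")
	}
	return acceptEncryptedOnly(key, blob)
}

// demo reports: decrypt-only accepts a non-vendor image, signed path rejects it, signed path accepts the vendor image.
func demo() (bool, bool, bool) {
	key := make([]byte, 32) // constructed shared device key (all zero, demo only)
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	vendor := seal(key, []byte("vendor firmware (constructed)"))
	other := seal(key, []byte("image not built by the vendor (constructed)"))
	_, e1 := acceptEncryptedOnly(key, other)
	_, e2 := acceptSigned(pub, key, other, ed25519.Sign(priv, vendor)) // signature belongs to a different image
	_, e3 := acceptSigned(pub, key, vendor, ed25519.Sign(priv, vendor))
	return e1 == nil, e2 != nil, e3 == nil
}
func main() { fmt.Println(demo()) }
```

The signing key stays with the vendor and only the public key ships on the device, so holding a device's decryption key is no longer enough to produce an update it will accept.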
Secure devices
Armis researchers came across the zero-day vulnerability. They reported the flaw in detail and also made some recommendations for securing UPS devices:
- Install the patches via the Schneider Electric website.
- Change the default password of the NMC, if it is used. Then immediately install a publicly signed SSL certificate. That way, a hacker with access to the network cannot figure out the new password.
- Set up access control lists that allow UPS devices to communicate only via encrypted communication with a small number of management devices and the Schneider Electric Cloud.