APC UPS Zero-day Bugs Can Remotely Burn Out Devices, Disable Power

by
FatPhil
from SoylentNews on (#5X55X)

upstart writes:

APC UPS zero-day bugs can remotely burn out devices, disable power:

A set of three critical zero-day vulnerabilities now tracked as TLStorm could let hackers take control of uninterruptible power supply (UPS) devices from APC, a subsidiary of Schneider Electric.

[...] Two of the vulnerabilities, CVE-2022-22805 and CVE-2022-22806 are in the implementation of the TLS (Transport Layer Security) protocol that connects the Smart-UPS devices with the "SmartConnect" feature to the Schneider Electric management cloud.

The third one, identified as CVE-2022-0715, relates to the firmware of "almost all APC Smart-UPS devices," which is not cryptographically signed and its authenticity cannot be verified when installed on the system.

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments