Security News > 2023 > April > APC warns of critical unauthenticated RCE flaws in UPS software
APC's Easy UPS Online Monitoring Software is vulnerable to unauthenticated arbitrary remote code execution, allowing hackers to take over devices and, in a worst-case scenario, disabling its functionality altogether.
While denial-of-service flaws are generally not considered very dangerous, as many UPS devices are located in data centers, the consequences of such an outage are magnified as it could block the remote management of devices.
Currently, the only mitigation for customers with direct access to their Easy UPS units is to upgrade to the PowerChute Serial Shutdown software suite on all servers protected by your Easy UPS OnLine, which provides serial shutdown and monitoring.
General security recommendations provided by the vendor include placing mission-critical internet-connected devices behind firewalls, utilizing VPNs for remote access, implementing strict physical access controls, and avoiding leaving devices in "Program" mode.
Recent research focusing on APC products revealed dangerous flaws collectively called 'TLStorm,' which could give hackers control of vulnerable and exposed UPS devices.
Soon after the publication of TLStorm, CISA warned of attacks targeting internet-connected UPS devices, urging users to take immediate action to block the attacks and protect their devices.
News URL
Related news
- Apache issues patches for critical Struts 2 RCE bug (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation (source)