Security News

Three critical security vulnerabilities in widely used smart uninterruptible power supply devices could allow for remote takeover, meaning that malicious actors could cause business disruptions, data loss and even physical harm to critical infrastructure, researchers have found. APC is a subsidiary of Schneider Electric, one of the leading vendors of UPS devices.

Three vulnerabilities in ubiquitous APC Smart-UPS devices could allow remote attackers to use them as an attack vector, disable or completely destroy them, Armis researchers have discovered. "The latest APC Smart-UPS models are controlled through a Cloud connection. Armis researchers found that an attacker exploiting the TLStorm vulnerabilities could remotely take over devices via the Internet without any user interaction or signs of attack. As a result, attackers can perform a remote-code execution attack on a device, which in turn could be used to alter the operations of the UPS to physically damage the device itself or other assets connected to it," the researchers noted.