Cybersecurity Policy and Incidents Briefing 3/9/22

ICYMI: Intelligent Buildings spotlights APC Smart-UPS TLStorm vulnerabilities that allow attackers to cause cyber and physical damage through undetected remote access.



Over 20 million APC Smart-UPS (or uninterruptible power supply) devices are currently deployed worldwide. These devices are widely used in Commercial Real Estate, banking, hospitals, data centers, and media. Armis security researchers found a flaw, dubbed TLStorm, that allows attackers to take over these devices remotely. TLStorm has two critical vulnerabilities:

  • One in a design flaw, in which firmware upgrades of all Smart-UPS devices are not properly signed and validated
  • One in the TLS implementation used by both Cloud-connected Smart-UPS devices and a third critical vulnerability


Click to read more.