ICYMI: Intelligent Buildings spotlights APC Smart-UPS TLStorm vulnerabilities that allow attackers to cause cyber and physical damage through undetected remote access.
Over 20 million APC Smart-UPS (or uninterruptible power supply) devices are currently deployed worldwide. These devices are widely used in Commercial Real Estate, banking, hospitals, data centers, and media. Armis security researchers found a flaw, dubbed TLStorm, that allows attackers to take over these devices remotely. TLStorm has two critical vulnerabilities:
- One in a design flaw, in which firmware upgrades of all Smart-UPS devices are not properly signed and validated
- One in the TLS implementation used by both Cloud-connected Smart-UPS devices and a third critical vulnerability