Finding APC assets vulnerable to TLStorm
Researchers at Armis recently published details on three new vulnerabilities affecting cloud-connected APC Smart-UPS devices manufactured by Schneider Electric. Dubbed “TLStorm”, two of these vulnerabilities exist in the firmware TLS implementation, while the third vulnerability exists in the firmware update process.
The disclosed CVEs for TLStorm include:
- CVE-2022-22806 (CVSS “critical” score of 9.9) - Authentication bypass via state confusion during TLS handshake
- CVE-2022-22805 (CVSS “critical” score of 9.9) - Pre-authentication buffer overflow in TLS
- CVE-2022-0715 (CVSS “high” score of 8.9) - Unsigned firmware deployment via the network or USB
Successful exploitation of these vulnerabilities can provide unauthenticated remote code execution to a remote attacker on vulnerable APC devices that are using the SmartConnect feature (which connects them to the cloud). This opens the door to attacks that could damage the UPS device itself, attacks that could damage devices connected to the UPS, and the attacker establishing a foothold on the private corporate network..
Armis coordinated with Schneider Electric on the publishing of TLStorm, and Schneider Electric encourages owners of affected APC Smart-UPS devices to update with available patched firmware. Armis offers additional mitigation techniques for improved safety (see “How can you secure your UPS devices?").
hw:apc AND protocol:tls
Find APC Smart-UPS devices on your network
Rumble deploys and bulds your asset inventory in minutes. Get results immediately.Start a free trial
May 12, 2022
Wrangling the May 2022 Patch Tuesday
Microsoft recently released security updates for over 70 vulnerabilities, including 3 zero-days and 7 critical vulnerabilities that affect a wide-range of their products and services. The list of patches covers an actively exploited zero-day vulnerability in the Windows …Read More
May 5, 2022
Finding F5 BIG-IP instances
Technology vendor F5 recently published information on over 40 vulnerabilities, mostly affecting their BIG-IP line of products. While these vulnerabilities include a mix of types and severities, a particular authentication bypass vulnerability that can affect all BIG-IP …Read More
April 29, 2022
Finding Netatalk instances
A critical vulnerability in the Netatalk open source file server software was found in some popular network attached storage (NAS) devices. Netatalk provides services for the deprecated AFP (Apple Filing Protocol, formerly known as Appletalk Filing Protocol), and runs on a …Read More