New Vulnerabilities Threaten Backup Systems for Major Institutions
Uninterruptible power supply (UPS) devices are used for supplying backup power in case of an outage. These devices are used primarily in institutions such as hospitals, industrial systems, and server rooms. A new report spells bad news for these devices, specifically APC Smart-UPS devices, identifying three high-impact security vulnerabilities that could be exploited in an attack on these important systems.
These three vulnerabilities are called “TLStorm,” which “allow for complete remote takeover of Smart-UPS devices and the ability to carry out extreme cyber-physical attacks,” according to Ben Seri and Barak Hadad, Armis researchers.
In all, over 20 million devices have been identified as affected by TLStorm.
Here are three steps you can take if TLStorm affects your systems:
- Install patches via Schneider Electric’s website.
- If you use the NMC, change the default NMC password (“apc”) and install a publicly-signed SSL certificate. To further protect your NMC, see the Schneider Electric Security Handbook for NMC 2 and NMC 3.
- Deploy access control lists (ACLs) in which the UPS devices are only allowed to communicate with a small set of management devices and the Schneider Electric Cloud via encrypted communications.
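One way to check that the ACLs from the last step are holding, as an added example that is not from the original article or from Schneider Electric: a Python audit of connection records for UPS traffic that falls outside the policy. The subnets, the allowed peers, the choice of port 443 and the record format are all assumptions made for illustration, and the addresses are documentation-range placeholders.

```python
import ipaddress

# Constructed policy; every address is a documentation-range placeholder.
UPS_NET = ipaddress.ip_network("192.0.2.0/28")    # assumed UPS/NMC segment
ALLOWED_PEERS = [
    ipaddress.ip_network("198.51.100.10/32"),     # assumed management host
    ipaddress.ip_network("198.51.100.11/32"),     # assumed management host
    ipaddress.ip_network("203.0.113.0/24"),       # placeholder for the vendor cloud range
]
ENCRYPTED_PORTS = {443}                           # assumption: TLS on 443 only


def check_flow(src, dst, dport):
    """Return None when a connection complies with the ACL, else a reason."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s not in UPS_NET and d not in UPS_NET:
        return None                               # not UPS traffic, out of scope
    peer = d if s in UPS_NET else s               # the non-UPS end (or another UPS)
    if not any(peer in net for net in ALLOWED_PEERS):
        return "peer not on allowlist"
    if dport not in ENCRYPTED_PORTS:
        return "unencrypted or unexpected port"
    return None


def audit(flows):
    """flows: iterable of (src, dst, dport), one record per initiated connection."""
    findings = []
    for src, dst, dport in flows:
        reason = check_flow(src, dst, dport)
        if reason:
            findings.append((src, dst, dport, reason))
    return findings


# Constructed sample records, not captured traffic.
SAMPLE_FLOWS = [
    ("198.51.100.10", "192.0.2.5", 443),   # management host to UPS over TLS
    ("192.0.2.5", "203.0.113.20", 443),    # UPS to placeholder cloud range
    ("198.51.100.10", "192.0.2.5", 80),    # management host over cleartext HTTP
    ("192.0.2.6", "198.51.100.77", 443),   # UPS talking to an unknown host
    ("10.0.0.4", "10.0.0.9", 22),          # unrelated traffic
    ("192.0.2.5", "192.0.2.6", 443),       # UPS to UPS, not permitted by the ACL
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```

Any finding means either the ACL is not enforced where the records were collected or the allowlist is missing a legitimate management host.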