New Vulnerabilities Threaten Backup Systems for Major Institutions
Uninterruptible power supply (UPS) devices are used for supplying backup power in case of an outage. These devices are used primarily in institutions such as hospitals, industrial systems, and server rooms. A new report spells bad news for these devices, specifically APC Smart-UPS devices, identifying three high-impact security vulnerabilities that could be exploited in an attack on these important systems.
These three vulnerabilities are collectively called “TLStorm.” According to Armis researchers Ben Seri and Barak Hadad, they “allow for complete remote takeover of Smart-UPS devices and the ability to carry out extreme cyber-physical attacks.”
In all, over 20 million devices have been identified as affected by TLStorm.
Here are three steps you can take if TLStorm affects your systems:
- Install patches via Schneider Electric’s website.
- If you use the NMC, change the default NMC password (“apc”) and install a publicly signed SSL certificate. To further protect your NMC, see the Schneider Electric Security Handbook for NMC 2 and NMC 3.
- Deploy access control lists (ACLs) in which the UPS devices are only allowed to communicate with a small set of management devices and the Schneider Electric Cloud via encrypted communications.