New Vulnerabilities Threaten Backup Systems for Major Institutions
Uninterruptible power supply (UPS) devices are used for supplying backup power in case of an outage. These devices are used primarily in institutions such as hospitals, industrial systems, and server rooms. A new report spells bad news for these devices, specifically APC Smart-UPS devices, identifying three high-impact security vulnerabilities that could be exploited in an attack on these important systems.
The three vulnerabilities, collectively called “TLStorm,” “allow for complete remote takeover of Smart-UPS devices and the ability to carry out extreme cyber-physical attacks,” according to Armis researchers Ben Seri and Barak Hadad.
In all, over 20 million devices have been identified as affected by TLStorm.
Here are three steps you can take if TLStorm affects your systems:
- Install patches via Schneider Electric’s website.
- If you use the NMC, change the default NMC password (“apc”) and install a publicly-signed SSL certificate. To further protect your NMC, see the Schneider Electric Security Handbook for NMC 2 and NMC 3.
- Deploy access control lists (ACLs) in which the UPS devices are only allowed to communicate with a small set of management devices and the Schneider Electric Cloud via encrypted communications.
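
One way to verify that the ACLs from the last step are actually holding is to audit connection logs for UPS traffic that falls outside the allow-list. The sketch below is an added example, not code from Schneider Electric or Armis. Assumptions: every address is a constructed sample, the cloud range is a placeholder (the real one must come from the vendor), the `src dst proto dport` log format with one record per connection initiation is hypothetical, and "encrypted" is taken to mean TCP port 443 for both management and cloud traffic.

```python
import ipaddress

# Every address here is a constructed sample (RFC 1918 / RFC 5737 ranges).
UPS_NET = ipaddress.ip_network("10.20.30.0/28")        # assumed UPS/NMC segment
MGMT_HOSTS = {ipaddress.ip_address("10.20.1.10"),
              ipaddress.ip_address("10.20.1.11")}      # assumed management stations
CLOUD_NETS = [ipaddress.ip_network("203.0.113.0/28")]  # placeholder, not a real vendor range
ENCRYPTED_PORTS = {443}                                # assumption: TLS on 443 only

# Constructed flow records: "src dst proto dport", one per connection initiation.
SAMPLE_FLOWS = """\
10.20.1.10 10.20.30.5 tcp 443
10.20.30.5 203.0.113.7 tcp 443
10.20.1.10 10.20.30.5 tcp 23
10.20.30.6 198.51.100.9 tcp 443
192.0.2.44 10.20.30.5 tcp 443
10.20.1.50 10.20.1.10 tcp 22
"""

def check_flow(src, dst, proto, dport):
    """Return None when the flow fits the policy, else a short reason."""
    if src not in UPS_NET and dst not in UPS_NET:
        return None                                    # not UPS traffic, out of scope
    peer = dst if src in UPS_NET else src
    # Cloud traffic is only accepted outbound, initiated by the UPS.
    to_cloud = src in UPS_NET and any(dst in net for net in CLOUD_NETS)
    if peer not in MGMT_HOSTS and not to_cloud:
        return "peer not on allow-list"                # also catches UPS-to-UPS traffic
    if proto != "tcp" or dport not in ENCRYPTED_PORTS:
        return "not an encrypted service"
    return None

def audit(flow_text):
    """Return (record, reason) pairs for flows that violate the policy."""
    findings = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        src, dst, proto, dport = line.split()
        reason = check_flow(ipaddress.ip_address(src), ipaddress.ip_address(dst),
                            proto.lower(), int(dport))
        if reason:
            findings.append((line, reason))
    return findings

if __name__ == "__main__":
    for record, reason in audit(SAMPLE_FLOWS):
        print(f"VIOLATION ({reason}): {record}")
```

Any finding means either the ACL is not enforced on that path or the allow-list is incomplete; both are worth resolving before relying on the segmentation.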