CyberNews Briefs

UPS flaws allow for remote code execution and remote fire-based interruptions

Security researchers at Armis have released a report on a trio of vulnerabilities in Smart-UPS devices sold by Schneider Electric. The vulnerabilities allow for remote code execution, replacement of firmware, and potentially the destruction of the entire unit's capabilities. According to Armis, the flaws stem from both a bad TLS implementation and the connected cloud-based system controlling newer devices. As Armis explained, when a TLS connection has an error, the APC device leaves the connection open rather than closing it as recommended by the library writers. As a result, the library is put into a state it is not built to handle, and the device may burn out.

Ignoring the library errors can have serious implications, Armis explains: an attacker can use the TLS resumption functionality and manipulate the uninitialized keys to communicate with the device as if the attacker were a genuine Schneider Electric server. Masquerading as a verified server, the attacker can issue a firmware upgrade command and remotely execute code on the UPS device. Additionally, all of the Smart-UPS devices use the same symmetric key for encryption and decryption.
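The fail-closed handling that the library writers recommend, shown as an added example (not code from Armis, Schneider Electric, or the TLS library involved). The `tls_session` model, its states and its function names are hypothetical; a negative `lib_rc` stands in for any error the TLS library returns.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical session model; not the API of any real TLS library. */
enum session_state { SESSION_HANDSHAKING, SESSION_ESTABLISHED, SESSION_ABORTED };

struct tls_session {
    enum session_state state;
    bool key_ready;             /* set only when the handshake completes */
    unsigned char master[32];   /* secret cached for later resumption */
};

void session_init(struct tls_session *s) {
    memset(s, 0, sizeof *s);
    s->state = SESSION_HANDSHAKING;
}

/* Fail closed: wipe the secret and make the session unusable. */
static void session_abort(struct tls_session *s) {
    volatile unsigned char *p = s->master;
    for (size_t i = 0; i < sizeof s->master; i++) p[i] = 0;
    s->key_ready = false;
    s->state = SESSION_ABORTED;
}

/* Feed one library result into the session. lib_rc < 0 models a library
 * error; derived is the key the handshake produced, or NULL while the
 * handshake is still in progress. Returns false once the session is dead. */
bool session_on_result(struct tls_session *s, int lib_rc,
                       const unsigned char *derived) {
    if (s->state != SESSION_HANDSHAKING) return false;
    if (lib_rc < 0) { session_abort(s); return false; }  /* never ignore */
    if (derived != NULL) {
        memcpy(s->master, derived, sizeof s->master);
        s->key_ready = true;
        s->state = SESSION_ESTABLISHED;
    }
    return true;
}

/* Resumption is offered only for a session whose handshake completed, so
 * a half-built session with an all-zero secret can never be resumed. */
bool session_can_resume(const struct tls_session *s) {
    return s->state == SESSION_ESTABLISHED && s->key_ready;
}
```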


OODA Analyst
