Newer devices supporting the "SmartConnect" feature have both a TLS buffer overflow or TLS authentication bypass vulnerability in the handshake protocol, the latter of which allows the installation of malicious firmware. Armis has dubbed the trio of vulnerabilities "TLStorm."ĭifferent Smart-UPS devices of different ages are subject to different vulnerabilities. The vulnerabilities lie in the TLS implementation used by cloud-connected Smart-UPS and unsigned and unauthenticated firmware. "We've checked with our clients and we see these devices are used by over 50% of our clients," said Barak Hadad, head of research at Armis. The Schneider Electric website claims to have sold 20 million devices in the product line. APC Smart-UPS is a widespread brand, encompassing everything from backups for PLC systems and medical devices to consumer-grade backups.
0 kommentar(er)
