Three high-impact APC Smart-UPS device vulnerabilities have been disclosed that could be abused by remote adversaries as a physical weapon to access and control them in an unauthorized manner.
Collectively dubbed TLStorm, the flaws “allow for complete remote takeover of Smart-UPS device vulnerability and the ability to carry out extreme cyber-physical attacks,” Ben Seri and Barak Hadad, researchers from IoT security company Armis, said in a report published Tuesday.
UPS (Uninterruptible power supply) devices function as emergency backup power providers in mission-critical environments such as medical facilities, server rooms, and industrial systems. Most of the afflicted devices, totaling over 20 million, have been identified so far in healthcare, retail, industrial, and government sectors.
What You Can Do
Managed Services Clients: Acumen has already begun the process of performing these mitigations for you. No further action is required at this time.
All Others: Please follow this set of mitigations to protect their UPS devices:
We are a TOP FIVE Managed IT Services provider in St. Louis, Missouri, working to empower businesses to achieve their goals by leveraging technology.