How to find APC assets

Updated

Latest APC device vulnerability #

Researchers at Armis recently published details on three new vulnerabilities affecting cloud-connected APC Smart-UPS devices manufactured by Schneider Electric. Dubbed "TLStorm", two of these vulnerabilities exist in the firmware TLS implementation, while the third vulnerability exists in the firmware update process.

The disclosed CVEs for TLStorm include:

  • CVE-2022-22806 (CVSS "critical" score of 9.9) - Authentication bypass via state confusion during TLS handshake
  • CVE-2022-22805 (CVSS "critical" score of 9.9) - Pre-authentication buffer overflow in TLS
  • CVE-2022-0715 (CVSS "high" score of 8.9) - Unsigned firmware deployment via the network or USB

What is the impact of TLStorm? #

Successful exploitation of these vulnerabilities can provide unauthenticated remote code execution to a remote attacker on vulnerable APC devices that are using the SmartConnect feature (which connects them to the cloud). This opens the door to attacks that could damage the UPS device itself, attacks that could damage devices connected to the UPS, and the attacker establishing a foothold on the private corporate network..

Is an update available? #

Armis coordinated with Schneider Electric on the publishing of TLStorm, and Schneider Electric encourages owners of affected APC Smart-UPS devices to update with available patched firmware. Armis offers additional mitigation techniques for improved safety (see "How can you secure your UPS devices?").

How do I find potentially vulnerable APC assets with runZero? #

From the Asset Inventory, use the following pre-built query to locate APC assets within your network that are potentially vulnerable to TLStorm:

hw:apc AND protocol:tls
Find APC assets

As always, any prebuilt queries we create are available from our Queries Library. Check out the library for other useful inventory queries.

Written by Pearce Barry

More about Pearce Barry
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.


Related Articles

Rapid Response
How to find Palo Alto Network firewalls running PAN-OS 11.1, 11.0, and 10.2
Palo Alto Networks disclosed that versions of their PAN-OS software have a vulnerability allowing for remote command injection. Here's how to find...
Rapid Response
How to find outdated lighttpd services
Outdated versions of the open source lighttpd web server are vulnerable to a handful of security vulnerabilities
Rapid Response
How to find D-Link NAS Storage devices
D-Link has disclosed multiple vulnerabilities in their D-Link NAS Storage products. Here's how to find potentially impacted devices.
Rapid Response
How to find Brocade Fabric OS
On April 4, 2024, Broadcom disclosed a vulnerability in their Fabric OS operating system used in their Brocade storage networking devices. Here's...

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2024 runZero, Inc. All Rights Reserved