Smart UPS flaws allow for remote code execution
MS-ISAC CYBERSECURITY ADVISORY NUMBER: 2022-034 “Multiple Vulnerabilities in PTC Axeda Agent and Axeda Desktop Server” Could Allow for Remote Code Execution
March 10, 2022MS-ISAC ADVISORY NUMBER: 2022-033 “Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for Arbitrary Code Execution”
March 10, 2022
Summary:
Security researchers at Armis have released a report pertaining to a trio of vulnerabilities that lie in Smart UPS devices sold by Schneider Electric The vulnerability allows for remote code execution, replacing of firmware, and potentially destroying the entire unit’s capabilities. According to Armis, the flaws stem from both bad TLS implementation and the connected cloud-based system controlling newer devices. As Armis explained, because the devices have a TLS connection has an error, the APC leaves the connection open rather than closing the connection as recommended by the library writers. Therefore, the library is put into a state it is not built to handle, and the device may burn out. Ignoring the library errors can have serious implications, Armis explains, as an attacker can use the TLS resumption functionality, and the uninitialized keys are manipulated to communicate with the device as if the attacker is a genuine Schneider Electric server. Masquerading as a verified server, the attacker can issue a firmware upgrade command and remotely execute code over the UPS device. Additionally, all of the Smart UPS devices use the same symmetric key for encryption and decryption.
Additional Discussion:
Link:
