Researchers at cybersecurity firm Armis Inc. today said they have uncovered three critical vulnerabilities in APC Smart-UPS that could allow attackers to manipulate the power of millions of enterprises.

APC, a division of Schneider Electric, is one of the leading vendors of uninterruptible power supply devices, with more than 20 million units sold worldwide. The devices are commonly used across industries and provide emergency power for mission-critical appliances that have to maintain high availability. A power disruption could cause injuries, business disruption or data loss in some cases.

That a UPS has vulnerabilities and can be hacked reflects the times: APC Smart-UPS devices are internet-connected. The trio of vulnerabilities has been dubbed “TLStorm” by the Armis researchers.

Two of the vulnerabilities involve the Transport Layer Security (TLS) connection between the UPS and the Schneider Electric cloud. Devices that support the SmartConnect feature automatically establish a TLS connection upon startup or whenever cloud connections are temporarily lost.

The first vulnerability, known as CVE-2022-22806, allows for a TLS authentication bypass. A state confusion in the TLS handshake leads to an authentication bypass, allowing for remote code execution using a network firmware upgrade. The second, called CVE-2022-22805, is a memory corruption bug in packet reassembly that allows for a TLS buffer overflow.