
Armis Finds Three Critical Zero-Day Vulnerabilities in APC Smart-UPS Devices, Dubbed "TLStorm," Exposing More than 20 Million Enterprise Devices


Vulnerabilities found in widely-used Uninterruptible Power Supplies could allow attackers to bypass security features and remotely take over or damage critical industrial, medical, and enterprise devices

PALO ALTO, Calif., March 8, 2022 /PRNewswire/ -- Armis, the leader in unified asset visibility and security, announced today the discovery of three zero-day vulnerabilities in APC Smart-UPS devices that can allow attackers to gain remote access. If exploited, these vulnerabilities, collectively known as TLStorm, allow threat actors to disable, disrupt, and destroy APC Smart-UPS devices and attached assets.


Uninterruptible power supply (UPS) devices provide emergency backup power for mission-critical assets in data centers, industrial facilities, hospitals, and more. APC is a subsidiary of Schneider Electric and is one of the leading vendors of UPS devices, with over 20 million devices sold worldwide.

"Until recently, assets, such as UPS devices, were not perceived as security liabilities. However, it has become clear that security mechanisms in remotely managed devices have not been properly implemented, meaning that malicious actors will be able to use those vulnerable assets as an attack vector," said Barak Hadad, Head of Research, Armis. "It is vital that security professionals have complete visibility of all assets, along with the ability to monitor their behavior, to identify exploitation attempts of vulnerabilities such as TLStorm."

Enterprise Risk Exposure

Armis researches and analyzes various assets to help security leaders protect their organizations from new threats. For this research, Armis investigated APC Smart-UPS devices and their remote management and monitoring services due to the widespread use of APC UPS devices in our customers' environments. The latest models use a cloud connection for remote management. Armis researchers found that an attacker exploiting the TLStorm vulnerabilities could remotely take over devices via the Internet without any user interaction or signs of attack.

The discovered vulnerabilities include two critical vulnerabilities in the TLS implementation used by cloud-connected Smart-UPS devices and a third high-severity vulnerability, a design flaw, in which firmware upgrades of most Smart-UPS devices are not correctly signed or validated.

Two of the vulnerabilities involve the TLS connection between the UPS and the Schneider Electric cloud. Devices that support the SmartConnect feature automatically establish a TLS connection upon startup or whenever cloud connections are temporarily lost. Attackers can trigger the vulnerabilities via unauthenticated network packets without any user interaction.

  • CVE-2022-22805 - (CVSS 9.0) TLS buffer overflow: A memory corruption bug in packet reassembly (RCE).

  • CVE-2022-22806 - (CVSS 9.0) TLS authentication bypass: A state confusion in the TLS handshake leads to authentication bypass and, from there, to remote code execution (RCE) via a network firmware upgrade.

The third vulnerability is a design flaw in which the firmware updates on affected devices are not cryptographically signed in a secure manner. As a result, an attacker could craft malicious firmware and install it using various paths, including the Internet, LAN, or a USB thumb drive. This modified firmware could allow attackers to establish long-lasting persistence on such UPS devices that can be used as a stronghold within the network to launch additional attacks.

  • CVE-2022-0715 - (CVSS 8.9) Unsigned firmware upgrade that can be updated over the network (RCE).

Abusing flaws in firmware upgrade mechanisms is becoming a standard practice of APTs, as has been recently detailed in the analysis of the Cyclops Blink malware, and improper signing of firmware is a recurring flaw in various embedded systems. For example, a previous vulnerability discovered by Armis in Swisslog PTS systems (PwnedPiper, CVE-2021-37160) resulted from a similar type of flaw.

"TLStorm vulnerabilities occur in cyber-physical systems that bridge our digital and physical worlds, giving cyberattacks the possibility of real-world consequences," said Yevgeny Dibrov, CEO and Co-founder of Armis. "The Armis platform addresses this hyper-connected reality, where one compromised identity and device can open the door to cyberattacks, and the security of every asset has become foundational to protect business continuity and brand reputation. Our ongoing research secures organizations by providing 100% complete visibility of their IT, cloud, IoT, OT, IoMT, 5G, and edge assets."

Updates and Mitigations

Schneider Electric worked in collaboration with Armis on this matter, and customers were notified and issued patches to address the vulnerabilities. To the best of both companies' knowledge, there is no indication the TLStorm vulnerabilities have been exploited.

Organizations deploying APC Smart-UPS devices should patch impacted devices immediately. More information can be found in the Schneider Electric security advisory.

Armis customers can immediately identify APC Smart-UPS devices that are vulnerable in their environments and begin remediation. To speak with an Armis expert and experience our award-winning agentless device security platform, click here.

Research Presentations

Armis experts will discuss the TLStorm research during the following virtual and in-person events:

Additional Resources

About Armis
Armis is the leading unified asset visibility and security platform designed to address the new threat landscape that connected devices create. Fortune 1000 companies trust our real-time and continuous protection to see with full context all managed, unmanaged, and IoT devices, including medical devices (IoMT), operational technology (OT), and industrial control systems (ICS). Armis provides passive and unparalleled cybersecurity asset management, risk management, and automated enforcement. Armis is a privately held company headquartered in Palo Alto, California.

Media Contacts:
Dillon Townsel
Sr. Director, Public & Media Relations
dillon@armis.com
512-571-3455


View original content to download multimedia: https://www.prnewswire.com/news-releases/armis-finds-three-critical-zero-day-vulnerabilities-in-apc-smart-ups-devices-dubbed-tlstorm-exposing-more-than-20-million-enterprise-devices-301497137.html

SOURCE Armis
