Millions of APC Smart-UPS devices vulnerable to TLStorm

If you’re managing a smart model from ubiquitous uninterrupted power supply (UPS) device brand APC, you need to apply updates now – a set of three critical zero-day vulnerabilities are making Smart-UPS devices a possible entry point for network infiltration.

The vulnerabilities, dubbed “TLStorm” were found in Schneider Electric’s APC Smart-UPS products by security firm Armis, which made the info public on Tuesday.

The name stems from the Transport Layer Security (TLS) implementation where two out of the three vulnerabilities were found.

Read more…
Source: The Register