Vulnerabilities in APC Smart-UPS that allow remote control of the device

Security researchers at Armis have disclosed three vulnerabilities in APC managed uninterruptible power supplies that allow an attacker to take control of a device remotely and manipulate it, for example to cut power to certain ports or to use it as a springboard for attacks on other devices. The vulnerabilities are codenamed TLStorm and affect APC Smart-UPS (SCL, SMX, SRT series) and SmartConnect (SMT, SMTL, SCL and SMX series) devices.

Two of the vulnerabilities are caused by errors in the implementation of the TLS protocol in devices managed through Schneider Electric's centralized cloud service. SmartConnect series devices connect automatically to the centralized cloud service at startup or when the connection is lost, and an unauthenticated attacker can exploit the vulnerabilities and gain full control of the device by sending specially crafted packets to the UPS.

  • CVE-2022-22805 - A buffer overflow in the packet reassembly code, exploitable while incoming connections are being processed. The problem is caused by data being copied into a buffer while fragmented TLS records are processed. Exploitation is made easier by incorrect error handling in the use of the Mocana nanoSSL library: after an error was returned, the connection was not closed.
  • CVE-2022-22806 - An authentication bypass during TLS session establishment, caused by a state error during connection negotiation. Caching of an uninitialized TLS key and ignoring the error code returned by the Mocana nanoSSL library when a packet with an empty key was received made it possible to impersonate a Schneider Electric server without going through the key exchange and verification stage.
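
As an added illustration (not code from APC, Mocana or Armis), the C example below shows the two defensive properties whose absence the list above describes: a fragment is copied into the reassembly buffer only after its length is checked against the space that remains, and any error closes the connection so that later records are refused. The struct, the function names and the buffer size are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define REASM_MAX 512            /* assumed reassembly buffer capacity */
enum conn_state { CONN_OPEN, CONN_CLOSED };
struct conn {                    /* hypothetical per-connection state */
    enum conn_state state;
    uint8_t buf[REASM_MAX];      /* handshake message being rebuilt */
    size_t used;                 /* bytes stored so far */
    size_t expected;             /* length declared in the message header */
};

/* Fail closed: wipe partial data and refuse all further input. */
static int conn_abort(struct conn *c) {
    memset(c->buf, 0, sizeof c->buf);
    c->used = c->expected = 0;
    c->state = CONN_CLOSED;
    return -1;
}

void conn_init(struct conn *c) {
    memset(c, 0, sizeof *c);
    c->state = CONN_OPEN;
}

/* Start a message whose header declared `total` bytes. */
int reasm_begin(struct conn *c, size_t total) {
    if (c->state != CONN_OPEN) return -1;
    if (total == 0 || total > REASM_MAX) return conn_abort(c);
    c->used = 0;
    c->expected = total;
    return 0;
}

/* Add one fragment: 1 = message complete, 0 = need more, -1 = closed. */
int reasm_add(struct conn *c, const uint8_t *frag, size_t len) {
    if (c->state != CONN_OPEN) return -1;
    /* Compare with the space left; computing used + len could wrap. */
    if (len == 0 || len > c->expected - c->used) return conn_abort(c);
    memcpy(c->buf + c->used, frag, len);
    c->used += len;
    return c->used == c->expected;
}

int main(void) {                 /* constructed input: 300 + 300 > 400 */
    struct conn c; uint8_t f[300] = {0};
    conn_init(&c); reasm_begin(&c, 400); reasm_add(&c, f, 300);
    return (reasm_add(&c, f, 300) == -1 && c.state == CONN_CLOSED) ? 0 : 1;
}
```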

The third vulnerability (CVE-2022-0715) stems from an incorrect implementation of the check on firmware downloaded for an update and allows an attacker to install modified firmware without verification of a digital signature (it turned out that the firmware's digital signature is not checked at all; only symmetric encryption with a key predefined in the firmware is used).

Combined with the CVE-2022-22805 vulnerability, an attacker can replace the firmware remotely by impersonating the Schneider Electric cloud service or by initiating an update from the local network. Having gained access to the UPS, the attacker can place a backdoor or malicious code on the device, as well as carry out sabotage and cut power to important consumers, for example de-energizing video surveillance systems in banks or life-support devices in hospitals.

Schneider Electric has prepared patches to fix the problems and is also preparing a firmware update. To reduce the risk of compromise, it is additionally recommended to change the default password ("apc") on devices with an NMC (Network Management Card) and install a digitally signed SSL certificate, as well as to restrict access to the UPS on the firewall to Schneider Electric Cloud addresses only.

source: budenet.ru
