20220330

Mitigating Attacks Against Uninterruptible Power Supply Devices

【外部リンク】
https://www.cisa.gov/sites/default/files/publications/CISA-DOE_Insights-Mitigating_Vulnerabilities_Affecting_Uninterruptible_Power_Supply_Devices_Mar_29.pdf
Mitigating Attacks Against Uninterruptible
Power Supply Devices 

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/29/mitigating-attacks-against-uninterruptable-power-supply-devices
Mitigating Attacks Against Uninterruptable Power Supply Devices



https://info.armis.com/rs/645-PDC-047/images/Armis-TLStorm-WP%20%281%29.pdf
Critical vulnerabilities in a TLS library lead
to complete pwnage of a popular
Cloud-connected UPS

https://www.cyber.nj.gov/alerts-advisories/mitigating-attacks-against-uninterruptible-power-supply-devices
Mitigating Attacks Against Uninterruptible Power Supply Devices

https://www.apc.com/jp/ja/product-category/88972-%E7%84%A1%E5%81%9C%E9%9B%BB%E9%9B%BB%E6%BA%90%E8%A3%85%E7%BD%AEups/
無停電電源装置(UPS)






https://www.apc.com/jp/ja/product-range/61915-smartups/
エントリーレベルから拡張性の高いランタイムまで対応するインテリジェントで効率的な電力保護。サーバー、POS、ルーター、スイッチ、ハブおよびその他のネットワーク機器にとって理想的なUPS

https://www.se.com/jp/ja/about-us/newsroom/contact-us/request.jsp
広報担当者宛

https://www.apc.com/jp/ja/faqs/home/
https://www.apc.com/jp/ja/faqs/FA313867/
Smart-UPS LCD (SMT/SMXシリーズ) AVRリレーヨウチャクと表示された際のトラブルシューティング
継続的にSMT/SMXをご利用いただいている中で故障ランプとLCDモニタに『AVRリレーヨウチャク』(英語表記: AVR Relay Weld)と
表示された場合の内容と対処方法を説明します。

https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp
2022/03/28 SCADAPack Workbench CVE-2022-0221 CWE-611: Improper Restriction of XML External Entity Reference SCADAPack Workbench (6.6.8a and prior) SEVD-2022-087-01
2022/03/09 ATandT Labs Compressor (XMill) and Decompressor (XDemill) used by EcoStruxure™ Control Expert, EcoStruxure™ Process Expert and SCADAPack RemoteConnect™ for x70 CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21813, CVE-2021-21814, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21827, CVE-2021-21828, CVE-2021-21829, CVE-2021-21830 Notification Updated - Recently released versions of EcoStruxure™ Control Expert and EcoStruxure™ Process Expert previously communicated to address these vulnerabilities were found to not fully address the issues as stated in a previous update of this notification. Customers are encouraged to follow the mitigations provided. • EcoStruxure™ Control Expert (All versions including former Unity Pro) • EcoStruxure™ Process Expert (All versions including former HDCS) • SCADAPack RemoteConnect™ for x70 (All versions) SEVD-2021-222-02 (V3.0)
2022/03/08 EcoStruxure™ Process Expert and EcoStruxure™ Control Expert CVE-2022-24322, CVE-2022-24323 Multiple Vulnerabilities EcoStruxure™ Process Expert (V2021 and prior), EcoStruxure™ Control Expert (V15.0 SP1 and prior) SEVD-2022-067-01
2022/03/08 APC Smart-UPS SMT, SMC, SMX, SCL, SMTL and SRT Series CVE-2022-22805, CVE-2022-22806, CVE-2022-0715 Multiple Vulnerabilities APC Smart-UPS Family and SmartConnect Family (see Security Notification for affected series and versions) SEVD-2022-067-02
2022/03/08 Ritto Wiser™ Door CVE-2021-22783 CWE-200: Information Exposure Ritto Wiser™ Door (All versions) SEVD-2022-067-03
2022/03/08 Apache Log4j Vulnerability (Log4Shell) CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, CVE-2021-4104, CVE-2021-44832 Notification Updated - Remediations available for APC PowerChute Business Edition, APC PowerChute Network Edition, and EMA Server Schneider Electric is aware of the vulnerabilities impacting Apache Log4j, including CVE-2021-44228, also known as Log4Shell. Our cybersecurity team is actively investigating the impact of the vulnerability on Schneider Electric offers and will continuously update this notification as information becomes available. SESB-2021-347-01 (V11.0)
2022/03/08 EcoStruxure™ Control Expert, EcoStruxure™ Process Expert, SCADAPack RemoteConnect™ for x70 CVE-2021-22797 Notification Updated - EcoStruxure™ Control Expert V15.1 and EcoStruxure™ Process Expert 2021 include a fix for these vulnerabilities • EcoStruxure™ Control Expert (All versions including former Unity Pro) • EcoStruxure™ Process Expert (All versions including former HDCS) • SCADAPack RemoteConnect™ for x70 (All versions) SEVD-2021-257-01 (V2.0)
2022/03/08 Windows Print Spooler Embedded in EcoStruxure™ Process Expert CVE-2021-34527, CVE-2021-1675 Notification Updated - EcoStruxure™ Process Expert 2021 includes a fix for these vulnerabilities EcoStruxure™ Process Expert (All versions prior to V2021) SEVD-2021-313-04 (V2.0
2022/03/08 EcoStruxure™ Control Expert, EcoStruxure™ Process Expert, SCADAPack RemoteConnect™ x70, and Modicon Controllers M580 and M340 CVE-2021-22778, CVE-2021-22779, CVE-2021-22780, CVE-2021-22781, CVE-2021-22782, CVE-2020-12525 Notification Updated - EcoStruxure™ Control Expert V15.1 and EcoStruxure™ Process Expert 2021 incude a fix that addresses the workstation vulnerabilities. A subsequent release is planned to address the Modicon M580 and Modicon M340 PLC’s to complete the remediations. • EcoStruxure™ Control Expert (V15.1 , V15.0 SP1 , All versions prior to V15.0 SP1 including all versions of Unity Pro) • EcoStruxure™ Process Expert (V2021 , All versions including all versions of EcoStruxure Hybrid DCS) • SCADAPack RemoteConnect™ for x70 (All versions) • Modicon M580 CPU (All versions - part numbers BMEP* and BMEH*) • Modicon M340 CPU (All versions - part numbers BMXP34*) SEVD-2021-194-01 (V2.0)
2022/03/08 Treck TCP/IP Vulnerabilities (Ripple20) CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11899, CVE-2020-11900, CVE-2020-11901, CVE-2020-11902, CVE-2020-11903, CVE-2020-11904, CVE-2020-11905, CVE-2020-11906, CVE-2020-11907, CVE-2020-11908, CVE-2020-11909, CVE-2020-11910, CVE-2020-11911, CVE-2020-11912, CVE-2020-11913, CVE-2020-11914 Notification Updated - Added final mitigations for Andover Continuum Controllers See Security Notification SEVD-2020-175-01 (V2.17)
2022/02/08 IGSS (Interactive Graphical SCADA System) CVE-2022-24310, CVE-2022-24311, CVE-2022-24312, CVE-2022-24313, CVE-2022-24314, CVE-2022-24315, CVE-2022-24316, CVE-2022-24317 Multiple Vulnerabilities IGSS Data Server: IGSSdataServer.exe (V15.0.0.22020 and prior) SEVD-2022-039-01
2022/02/08 EcoStruxure EV Charging Expert CVE-2022-22807, CVE-2022-22808 CWE-942:Permissive Cross-domain Policy with Untrusted Domains and CWE-1021 Improper Restriction of Rendered UI Layers or Frames EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML (All Versions prior to SP8 (Version 01)V4.0.0.13) SEVD-2022-039-02
2022/02/08 Easergy P40 CVE-2022-22813 CWE-798: Use of Hard-coded Credentials Easergy P40 Series model numbers with Ethernet option bit as Q, R, S (All PX4X firmware versions) SEVD-2022-039-03
2022/02/08 spaceLYnk, Wiser For KNX, fellerLYnk CVE-2022-22809, CVE-2022-22810, CVE-2022-22811, CVE-2022-22812 Multiple Vulnerabilities • spaceLYnk (V2.6.2 and prior), • Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), • fellerLYnk (V2.6.2 and prior) SEVD-2022-039-04
2022/02/08 EcoStruxure Geo SCADA Expert CVE-2022-24318, CVE-2022-24319, CVE-2022-24320, CVE-2022-24321 Multiple Vulnerabilities • ClearSCADA (All Versions) • EcoStruxure GeoSCADA Expert 2019 (All Versions) • EcoStruxure Geo SCADA Expert 2020 (All Versions) SEVD-2022-039-05
2022/02/08 Harmony/Magelis iPC SeriesHMI, Vijeo Designerand Vijeo Designer Basic CVE-2021-22817 A CWE-276: Incorrect Default Permissions • Harmony/Magelis iPC Series (All Versions), • Vijeo Designer (All Versions prior to V6.2 SP11 Multiple HotFix 4), • Vijeo Designer Basic (All Versions prior to V1.2.1) SEVD-2022-039-06
2022/02/08 CODESYS V3 Runtime, Development System and Gateway Vulnerabilities CVE-2021-29240, CVE-2021-29241, CVE-2021-21863, CVE-2021-21864, CVE-2021-21865, CVE-2021-21866, CVE-2021-21867, CVE-2021-21868, CVE-2021-21869, CVE-2021-33485 Available remediations for M241/M251. Added Easy Harmony ET6 (HMIET Series) and Easy Harmony GXU (HMIGXU Series) to the list of affected products. • M241/M251 (All Versions), • EcoStruxure Machine Expert (All Versions), • Harmony/Magelis HMISTU Series, HMIGTO Series, HMIGTU Series, HMIGTUX Series, HMIGK Series, HMISCU Series, Vijeo Designer (V6.2 SP11 Hotfix 3 and prior), • Eurotherm E+PLC100 (All Versions), • Eurotherm E+PLC400 (All Versions), • Eurotherm E+PLC tools (All Versions), • Easy Harmony ET6 HMIET Series (Vijeo Designer Basic V1.2.1 and later), • Easy Harmony GXU HMIGXU Series (Vijeo Designer Basic V1.2.1 and later) SEVD-2022-011-06 (2.0)
2022/02/08 BadAlloc Vulnerabilities CVE-2020-35198, CVE-2020-28895, CVE-2021-22156 Available remediations for Easy Harmony ET6 (HMIET Series), Easy Harmony GXU (HMIGXU Series), Harmony/ Magelis (HMIGTU Series, HMIGTUX Series, HMIGK Series), Modicon M262 Logic Controllers, and Modicon M241/M251 Logic Controllers. Added Easergy MiCOM P30 and Easergy MiCOM P40 to the list of affected products. See Security Notification SEVD-2021-313-05 (5.0)


他のキーワード
apc smart-ups 750
apc smart-ups 1200
apc smart-ups 1500
apc smart-ups 500
apc smart-ups 1000
apc smart-ups 脆弱性
apc smart-ups 500 説明書
apc smart-ups 1000 マニュアルups cyber security jobs
「TLStorm - Critical vulnerabilities in a TLS library lead to complete pwnage of a popular Cloud-connected UPS」
Schneider Electric
無停電電源装置「APC Smart-UPS」

「TLStorm」
ups cybersecurity definition
types of attacks on iot devices
new security technologies will be required to protect iot devices from what type of attacks
cyber threat from iot devices
russian cyber attacks on critical infrastructure
cisa logging「APC Smart-UPS」
iot attack surface
--

注目の投稿

cURL error 60: SSL certificate problem: unable to get local issuer certificate

cURL error 60: SSL certificate problem: unable to get local issuer certificate 更新失敗: ダウンロードに失敗しました。 cURL error 60: SSL certificate problem: ...

人気の投稿