OTPulse

APC Easy UPS On-Line Software

Act Now · CVSS 9.8 · SEVD-2020-224-04 · Aug 11, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Multiple vulnerabilities in APC Easy UPS On-Line Software V2.0 and earlier allow unauthorized users to upload executable files to non-specified directories via the software interface. This enables arbitrary code execution on systems managing uninterruptible power supply infrastructure.

What this means
What could happen
An attacker could upload malicious executable files to the UPS software, allowing them to execute arbitrary code on the system managing critical power infrastructure. This could result in loss of UPS monitoring and control, power outage, or damage to connected equipment.
Who's at risk
Power facility operators and electricians responsible for UPS systems in energy sector facilities. Impacts any organization running APC Easy UPS On-Line Software V2.0 or earlier to manage backup power for critical infrastructure.
How it could be exploited
An attacker on the network sends a crafted file upload request to the APC Easy UPS On-Line Software web interface. The software does not properly validate file uploads or restrict where files are stored, allowing the attacker to write an executable file to a directory where it can be executed by the UPS software process.
Prerequisites
  • Network access to the APC Easy UPS On-Line Software management interface (typically port 80/443)
  • No authentication required
Tags: remotely exploitable · no authentication required · low complexity · critical CVSS score (9.8) · affects power infrastructure
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (1)
Product                                         Affected Versions   Fix Status
APC Easy UPS On-Line Software V2.0 and earlier  ≤ 2.0               2.1
Remediation & Mitigation
Do now
HARDENING: Isolate the APC Easy UPS On-Line Software management interface behind a firewall, allowing access only from authorized engineering workstations
WORKAROUND: Disable direct internet access to the UPS software; restrict access to the management network only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade APC Easy UPS On-Line Software to version 2.1 or later
API: /api/v1/advisories/939d3457-bd2a-4b0d-97e4-c79c8c396e31