Security Vulnerabilities for older APC equipment

KevinK · ‎2020-11-04

Hi,

A client running EcoStruxure IT is looking at resolving some security issues linked to older hardware that is still in use. The hardware includes ACRD502s, AP7821s & a Symmetra UPS. These all do not have TLS1.2

Unfortunately we have not been able to find newer firmware for these units and would like to find out is there is anything that can be done as the units are still functioning properly and the client is not looking at refreshing them anything soon.

Regards

Kevin

Anonymous user · ‎2020-11-09

Hi Kevin,

I can't speak for the cooler but the AP7821 is based on the NMC1 and it is possible that the Symmetra also has an NMC1.

The NMC1 is quiet old and due to hardware limitations it only support TLS1.0.

In terms of corrective action an NMC2 can also be installed in a Symmetra and is capable of TLS1.2 but is going end of sale soon (it will still be supported for several year). At present the newer NMC3 only supports single phase Symmetra products but I believe it will support three phase units shortly.

Unfortunately the network card in the PDU is not upgradable.

-Gavan