TLStorm vulnerabilities

Notifications

We Value Your Feedback!
Could you please spare a few minutes to share your thoughts on Cloud Connected vs On-Premise Services. Your feedback can help us shape the future of services.
Learn more about the survey or Click here to Launch the survey
Schneider Electric Services Innovation Team!

EcoStruxure IT security

The EcoStruxure IT platform is security hardened with a mandatory two-factor authentication and high encryption standards.

Invite a Co-worker

Send a co-worker an invite to the portal.Just enter their email address and we'll connect them to register. After joining, they will belong to the same company.

Send Invite Cancel

Related Forums

Previous Next

Invite a Colleague

Found this content useful? Share it with a Colleague!

Invite a Colleague

EcoStruxure IT Support

Submit a support request for additional assistance with EcoStruxure IT software.

Request Support

Back to EcoStruxure IT security

2726 Views

Link copied. Please paste this link to share this article on your social media post.

Trying to translate this page to your language?

Select your language from the translate dropdown in the upper right.

Translate to: English

For a list of impacted products and remediations, please refer to Schneider Electric's security bulletin which contains the most up to date information:
https://www.se.com/ww/en/download/document/SEVD-2022-067-02/

Based on the current information and analysis available, the EcoStruxure IT Gateway is not impacted by the TLStorm vulnerabilities.

CVE-2022-22806 and CVE-2022-22805

The IT Gateway uses a different TLS implementation than the affected UPSs. These vulnerabilities have not been discovered in that toolchain.

CVE-2022-0715

The EcoStruxure IT Gateway uses different authentication mechanisms and does not have user installable firmware like a UPS.

The IT Gateway does facilitate firmware updates to the NMC on the UPS, via the secure EcoStruxure IT Expert cloud application only, using officially released firmware packages. It does not have the ability to update the firmware on the UPS itself.

IT Expert Device Security assessment

The Device Security assessment in IT Expert includes a TLStorm analysis.

For the most accurate device analysis, be sure to keep your APC Network Management Card (NMC) firmware up to date and your Gateway updated to the latest version.

Didn't find what you are looking for? Ask our Experts

To The Top!

TLStorm vulnerabilities

Related Forums

EcoStruxure IT forum

APC UPS Data Center & Enterprise Solutions Forum