TLStorm vulnerabilities

Notifications

Join our "Ask Me About" community webinar on May 20th at 9 AM CET and 5 PM CET to explore cybersecurity and monitoring for Data Center and edge IT. Learn about market trends, cutting-edge technologies, and best practices from industry experts.
Register and secure your Critical IT infrastructure

EcoStruxure IT security

The EcoStruxure IT platform is security hardened with a mandatory two-factor authentication and high encryption standards.

Invite a Co-worker

Send a co-worker an invite to the portal.Just enter their email address and we'll connect them to register. After joining, they will belong to the same company.

Send Invite Cancel

Related Forums

Previous Next

Invite a Colleague

Found this content useful? Share it with a Colleague!

Invite a Colleague

EcoStruxure IT Support

Submit a support request for additional assistance with EcoStruxure IT software.

Request Support

Back to EcoStruxure IT security

2615 Views

Link copied. Please paste this link to share this article on your social media post.

Trying to translate this page to your language?

Select your language from the translate dropdown in the upper right.

Translate to: English

For a list of impacted products and remediations, please refer to Schneider Electric's security bulletin which contains the most up to date information:
https://www.se.com/ww/en/download/document/SEVD-2022-067-02/

Based on the current information and analysis available, the EcoStruxure IT Gateway is not impacted by the TLStorm vulnerabilities.

CVE-2022-22806 and CVE-2022-22805

The IT Gateway uses a different TLS implementation than the affected UPSs. These vulnerabilities have not been discovered in that toolchain.

CVE-2022-0715

The EcoStruxure IT Gateway uses different authentication mechanisms and does not have user installable firmware like a UPS.

The IT Gateway does facilitate firmware updates to the NMC on the UPS, via the secure EcoStruxure IT Expert cloud application only, using officially released firmware packages. It does not have the ability to update the firmware on the UPS itself.

IT Expert Device Security assessment

The Device Security assessment in IT Expert includes a TLStorm analysis.

For the most accurate device analysis, be sure to keep your APC Network Management Card (NMC) firmware up to date and your Gateway updated to the latest version.

Didn't find what you are looking for? Ask our Experts

To The Top!

TLStorm vulnerabilities

Related Forums

EcoStruxure IT forum

APC UPS Data Center & Enterprise Solutions Forum