
Uninterrupted Power Supply (UPS): A Silent Threat to Critical Infrastructure Resilience

Critical PowerPanel Business Vulnerabilities put Critical Infrastructure sectors at risk.

Multiple Vulnerabilities Disclosed in CyberPower UPS Management Software 

Executive Summary 

UPS management software is employed by a broad spectrum of users, encompassing data centers, critical manufacturing sectors, healthcare facilities, educational institutions, government agencies, and beyond, to maintain uninterrupted mission-critical operations. 

The recent disclosure of multiple vulnerabilities within CyberPower PowerPanel Business Software has raised significant concerns regarding the security of critical infrastructure (CI) sectors. These vulnerabilities pose a serious risk to the integrity and reliability of CI systems, potentially exposing them to exploitation by malicious actors. 

The Cybersecurity and Infrastructure Security Agency (CISA), a key entity within the United States government responsible for safeguarding critical infrastructure, has issued security alerts highlighting the heightened interest of hacktivist groups in targeting internet-exposed Industrial Control Systems (ICS) devices. This revelation further amplifies the urgency surrounding the recent PowerPanel vulnerabilities.

PowerPanel Business Software Overview 

UPS management software such as PowerPanel is designed to provide advanced power management for Uninterrupted Power Supply (UPS), Power Distribution Unit, or Automatic Transfer Switch devices.

PowerPanel UPS management software features real-time monitoring, remote management, event logging, automatic shutdown, scheduled maintenance, alarm notifications, energy management, multi-device support, user access control, and integration capabilities. These features enable organizations to efficiently monitor, control, and manage their UPS systems, ensuring continuous power availability, minimizing downtime, and optimizing energy usage. 

Vulnerability Details 

The table below provides details on the vulnerabilities impacting PowerPanel business management software, versions 4.9.0 and prior. The vendor, CyberPower, has released a patch that fixes these vulnerabilities.

| CVE | CWE | Severity |
|---|---|---|
| CVE-2024-34025 | USE OF HARD-CODED PASSWORD | Critical |
| CVE-2024-32053 | USE OF HARD-CODED CREDENTIALS | Critical |
| CVE-2024-32047 | ACTIVE DEBUG CODE | Critical |
| CVE-2024-33615 | RELATIVE PATH TRAVERSAL | High |
| CVE-2024-31856 | IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') | High |
| CVE-2024-31410 | USE OF HARD-CODED CRYPTOGRAPHIC KEY | Medium |
| CVE-2024-31409 | IMPROPER AUTHORIZATION | Medium |
| CVE-2024-32042 | STORING PASSWORDS IN A RECOVERABLE FORMAT | Low |

Exploiting these vulnerabilities in affected PowerPanel versions could allow an attacker to bypass authentication and obtain administrator privileges, which could then be used to write arbitrary files to the server for code execution, gain access to sensitive information, impersonate any client to send malicious data, and gain access to the testing or production server.

If an attacker is able to manipulate UPS management software, the target organization might face severe consequences, including: 

  • Disruption of Operations 
  • Loss of Data 
  • Compromised Security 
  • Financial Losses 

Understanding the impact of a successful cyberattack via vulnerable UPS management software, CRIL researchers' investigation led to the discovery of over 600 internet-exposed PowerPanel Business software instances.

Given below are screenshots of the internet-exposed PowerPanel Business applications.

Voltage Vendetta: Lessons from the Past

CRIL researchers have been closely monitoring hacktivist claims of targeting internet-exposed Industrial Control System (ICS) devices. In past campaigns launched by hacktivist groups such as GhostSec, SiegedSec, and TeamOneFist, cyberattacks on UPS systems have emerged as a key vector for causing mass disruption and gaining notoriety. Even though the impact of such claims remains questionable, the exposure and direct access of UPS systems to an attacker is a deeply concerning scenario.

The OpColombia campaign launched by SiegedSec in collaboration with GhostSec, and multiple campaigns launched by TeamOneFist in response to the Russia-Ukraine war in 2023, are a few notable incidents in which UPS systems manufactured by Schneider Electric, Powest, and APC were allegedly targeted.

Figure 1 – Powest UPS systems targeted during #OpColombia

Figure 2 – Schneider and APC UPS targeted by Team OneFist 

Conclusion 

CRIL researchers speculate that threat actors could soon leverage the critical vulnerabilities disclosed in PowerPanel in upcoming campaigns. With the potential for exploitation looming, urgent attention to patching and mitigation measures is imperative to preemptively thwart any attempts to exploit these weaknesses. Proactive steps such as monitoring for suspicious activities, implementing network segmentation, and enhancing user awareness can bolster defenses against potential attacks. 

Recommendations

  • Implement a robust patch management strategy to promptly address vulnerabilities in software and systems. Ensure that security patches are regularly applied to all devices and applications, prioritizing critical updates to mitigate potential risks effectively. 
  • Conduct periodic security audits and penetration testing exercises to assess the effectiveness of existing security controls and identify vulnerabilities. Regularly review configurations, policies, and procedures to ensure compliance with security best practices and regulatory requirements. 
  • Utilize asset management tools and network discovery techniques to maintain an accurate inventory of all devices and applications within the environment. Enhance visibility into asset configurations, vulnerabilities, and dependencies to facilitate effective risk management and incident response. 
  • Implement Multi-Factor Authentication (MFA) for all remote access to the Operational Technology (OT) network, including connections from the IT network and external networks, to enhance security.
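
The patching and asset-inventory recommendations above can be turned into a simple triage step. The following is an added example, not code from Cyble or CyberPower: it checks an inventory export for PowerPanel Business installations in the affected range stated on this page (4.9.0 and prior) and orders them for patching. The CSV column names and all sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Affected range as stated on this page: PowerPanel Business 4.9.0 and prior.
AFFECTED_MAX = (4, 9, 0)

# Constructed sample inventory; column names are assumptions for this example.
SAMPLE_INVENTORY = """host,product,version,internet_exposed
ups-mgmt-01,PowerPanel Business,4.9.0,yes
ups-mgmt-02,PowerPanel Business,v4.8.6,no
ups-mgmt-03,PowerPanel Business,4.10.1,yes
ups-mgmt-04,PowerPanel Business,unknown,yes
hvac-ctl-01,Other Product,1.2.3,no
"""


def parse_version(text):
    """Return a 3-tuple of ints, or None if the string is not a dotted version."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def triage(inventory_csv):
    """Classify PowerPanel Business hosts and order them for patching."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["product"].strip().lower() != "powerpanel business":
            continue
        version = parse_version(row["version"])
        exposed = row["internet_exposed"].strip().lower() == "yes"
        if version is None:
            status = "unknown"      # cannot rule out the affected range: verify by hand
        elif version <= AFFECTED_MAX:
            status = "affected"     # numeric compare, so 4.10.x sorts above 4.9.0
        else:
            status = "above-range"  # newer than the affected range stated on the page
        findings.append({"host": row["host"], "status": status, "exposed": exposed})
    # Hosts needing action first; then internet-exposed first, affected before unknown.
    rank = {"affected": 0, "unknown": 1, "above-range": 2}
    findings.sort(key=lambda f: (f["status"] == "above-range", not f["exposed"], rank[f["status"]]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f"{f['host']:<12} {f['status']:<12} exposed={f['exposed']}")
```

Hosts whose version string cannot be parsed are reported as unknown rather than skipped, so they stay on the list until someone confirms the installed version.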

References 

https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01
https://www.cyberpower.com/in/en/product/series/powerpanel_business

 
