RESEARCHERS from Claroty have identified multiple vulnerabilities in widely used HVAC and UPS products from Vertiv, which could allow attackers to remotely disrupt operations in data centers. The flaws include an authentication bypass and remote code execution vulnerabilities in network cards for uninterruptible power supplies (UPS). By exploiting these vulnerabilities, attackers could execute arbitrary code and significantly impact data center operations that rely on UPS devices for power stability.
Additionally, a separate analysis of the Trane Tracer SC+ HVAC controller revealed several flaws that could lead to unauthorized remote code execution and sensitive data exposure. Claroty has reported these issues to the respective companies and assisted in patching them.