Connect with us

Hi, what are you looking for?



Vulnerabilities Allow Hackers to Hijack, Disrupt Socomec UPS Devices

A researcher has found 7 vulnerabilities in Socomec UPS products that can be exploited to hijack and disrupt devices. 

Some uninterruptible power supply (UPS) products made by Socomec are affected by several vulnerabilities that can be exploited to hijack and disrupt devices.

Socomec is a France-based electrical equipment manufacturing company that specializes in low voltage energy performance. Its offering includes modular UPS devices that are used by businesses in various sectors around the world.

Aaron Flecha Menendez, an ICS security consultant at Spain-based cybersecurity firm S21sec, discovered that some Socomec UPS devices, specifically MODULYS GP (MOD3GP-SY-120K), are affected by seven vulnerabilities.

The list includes cross-site scripting (XSS), plaintext password storage, code injection, session cookie theft, cross-site request forgery (CSRF), and insecure storage of sensitive information, with severities ranging from ‘medium’ to ‘critical’.

US cybersecurity agency CISA last week published an advisory to notify organizations about these vulnerabilities, pointing out that the impacted product has reached end of life. 

Organizations have been advised by the vendor to stop using the outdated product and upgrade to MODULYS GP2 (M4-S-XXX), which should not be impacted by the security flaws.

Businesses still using the vulnerable product could be exposing themselves to significant risks, as the security holes can allow an attacker who has knowledge of how the system works to modify its behavior and prevent it from functioning properly. 

Advertisement. Scroll to continue reading.

“Among the scenarios that can be achieved, the worst-case scenario would undoubtedly be disrupting the UPS management and affecting its ability to provide backup power,” Flecha Menendez told SecurityWeek.

Fortunately, there do not appear to be any vulnerable UPS products that are directly exposed to the internet. However, an attacker who is inside the targeted organization’s network could chain some of the MODULYS GP vulnerabilities for a higher impact.

“The use of the ‘unsafe storage of sensitive information’ vulnerability (CVE-2023-41965), allows obtaining a valid session cookie that does not expire (CVE-2023-41084), which can then be used for remote code injection (CVE-2023-40221). The combination of these 3 vulnerabilities would allow the attacker to gain full control of the device at the management level and affect its correct functioning,” the researcher explained. 

The researcher has not tested the newer product models so he cannot confirm that they are indeed not affected by the vulnerabilities, as claimed by the vendor. 

It’s important that organizations using the vulnerable product take action, as attacks targeting UPS devices are not unheard of. The US government last year issued a warning to businesses about such attacks, providing guidance on how the threat can be mitigated. 

Learn More at SecurityWeek’s ICS Cyber Security Conference
The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.
ICS Cybersecurity Conference
October 23-26, 2023 | Atlanta

Related: Power Management Product Flaws Can Expose Data Centers to Damaging Attacks, Spying

Related: CISA Informs Organizations of Flaws in Unsupported Industrial Telecontrol Devices

Related: Millions of APC Smart UPS Devices Can Be Remotely Hacked, Damaged

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.