Security researchers at Claroty have dug into the firmware and network management interfaces running two pieces of critical infrastructure kit found in data centers everywhere: Vertiv UPS network cards and Trane’s Tracer SC+ HVAC controller. What they found isn’t pretty.
Both product families ship with vulnerabilities that could let an attacker tamper with the physical environment inside a data center—think overheating racks by cranking down cooling, or cutting power to servers by manipulating uninterruptible power supplies. These aren’t theoretical risks. HVAC and UPS systems are increasingly IP-connected and managed remotely, which means they inherit all the attack surface of a networked device without always getting the same security scrutiny.
The takeaway? If you’re running a data center and treating your environmental management gear as “just appliances,” it’s time to rethink that assumption. These systems sit on the network, they accept commands, and now we know they can be compromised. Segment them, patch them, and monitor them like you would any other critical asset.
Source: SecurityWeek
