3 Questions to Ask Regarding the Security of your UPS Management Software

edge computing

Across small and medium businesses, millions of small (5 kVA and below) uninterruptible power supplies (UPS) are hooked up directly to key servers that help to run and operate the business. These UPSs provide valuable services such as a source of power backup should utility power be cut off due to electrical storms or other unanticipated power supply interruptions. The batteries inside the UPS afford the systems administrators a window of extended runtime to ensure a proper, safe shutdown, without loss of data. In some cases, the UPS will serve as a power bridge during the time it takes for a backup diesel power generator to kick in. A UPS system also filters out common electrical anomalies like power swells and sags that can freeze up servers and network connections.


As an example, PowerChute Business Edition from APC by Schneider Electric is an advanced UPS management software solution that is included with all APC Smart-UPS sized at 5 kVA and below.  The software provides graceful remote shutdown and restart of servers during times of prolonged power outages when valuable data is at risk. Systems administrators find these capabilities useful for servers in remote locations. As a result, systems operators don’t need to drive to their workplace in the middle of the night in order to gracefully shut down or reboot servers.

This software also monitors power characteristics such as power usage and the energy efficiency of the power consumption. As the software supports the SNMP v1 and SNMP v3 protocol, customers can use their own network management system to centrally monitor an unlimited number of PowerChute Business Edition Agents.

The advantages of the UPS management software are clear; but from a cybersecurity perspective how safe are they? Does the software unintentionally provide a “back door” point of entry for potential hackers?

Determining the cyber threat resilience of your UPS management software

Below are some key questions systems administrators should ask their UPS suppliers regarding the security of their UPS management software.

  1. Who is the manufacturer of the software and how much do they invest in making sure their products are cyber secure? Leading vendors with reputations for high quality products should always incorporate cybersecurity best practices in their software development cycle. Companies like Microsoft and APC subject all their products to rigorous Secure Development Lifecycle (SDL) security testing. Products that undergo SDL have been coded, pretested, verified and validated utilizing industry leading cybersecurity testing methods and are better protected from malicious cyberattacks.
  2. Does the software possess the latest SHA-2 certificates? SHA-2 (Secure Hash Algorithm 2) is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) that allows users to determine the integrity of the data they are accessing. From a cybersecurity perspective, SHA-2 certification means that the software in question enables the comparison of the hash of a downloaded file to the result of a previously published hash. This determines whether the download has been modified or tampered with, and, if so, the user is notified that a cybersecurity threat is present.
  3. Are the communications protocols supported by the software best in class? PowerChute Business Edition now supports the latest SNMP v3. This version has within it the capability of preventing a hacker from falsifying information that a user is receiving and also prevents hackers from interfering with information as it’s being transmitted. Users are notified if such attacks are occurring.

As technology environments become more open and more linked, users will require a high degree of Certainty in a Connected World as they move forward modernizing their applications. APC’s PowerChute Business Edition, for example, undergoes extensive cybersecurity testing during development and the testing continues through the lifecycle of the product thereby providing the certainty required. The latest version of PowerChute Business Edition (v9.5) includes all the security parameters that are required for both Microsoft Windows and Linux users and provides support for both 32-bit and 64-bit operating systems. Download PowerChute Business Edition now for best in class power protection.

5 thoughts on “3 Questions to Ask Regarding the Security of your UPS Management Software

  1. Gentile apc ho aquistato di recente ups sua750i38 non aveva il cd nella confezione ho scaricato dal sito il software 9.5 ma in inglese mi chiedevo se ci fosse in italiano o se si poteva impostare la lingua in italiano nell’attesa della risposta distinti saluti grazie

  2. Hi,

    Could you please help me to fix below issues on Smart-UPS RT 3000 RM XL.

    1. ICMP Based TCP Reset Denial of Service Vulnerability
    2. Remote Management Service Accepting Unencrypted Credentials Detected

    1. Hi Darshan – are you located in the United States? If yes, please call 800-800-4272 option 4 for technical support.

    2. Hi Darshan,
      the reported items seem primarily network related, reported from running a vulnerability scanner & hence I’m assuming you have an APC UPS Network Management Card plugged into the SmartSlot of this UPS.
      In addition to multiple features, APC UPS Network Management Card provides customers with custom levels of security. To aid customers in this regard, we have the Security handbook available online (for AOS v6.4.x & v6.5.x[https://www.apc.com/salestools/LFLG-9VYK3D/LFLG-9VYK3D_R1_EN.pdf] and v5.x.x[https://www.apc.com/salestools/AKAR-7FVQ2W/AKAR-7FVQ2W_R1_EN.pdf]).

      Kindly note, its possible to disable the Ping response in the NMC, as detailed in the User guide [https://www.apc.com/salestools/LFLG-ACVDHV/LFLG-ACVDHV_R1_EN.pdf].
      We strongly recommend using the secure protocol options like HTTPS vs HTTP, SNMP v3 vs v1, SSH vs Telnet for all Remote management access.

      I hope this addresses your concerns above. For further clarifications, you may kindly get in touch with the Customer support [https://www.apc.com/us/en/support] along with further details of your setup.

Leave a Reply

Your email address will not be published. Required fields are marked *