{"id":229355,"date":"2026-06-10T08:07:00","date_gmt":"2026-06-10T12:07:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/10\/critical-hvac-and-ups-vulnerabilities-could-let-hackers-disrupt-data-centers\/"},"modified":"2026-06-10T10:15:33","modified_gmt":"2026-06-10T14:15:33","slug":"critical-hvac-and-ups-vulnerabilities-could-let-hackers-disrupt-data-centers","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/10\/critical-hvac-and-ups-vulnerabilities-could-let-hackers-disrupt-data-centers\/","title":{"rendered":"Critical HVAC and UPS Vulnerabilities Could Let Hackers Disrupt Data Centers"},"content":{"rendered":"

Critical HVAC and UPS Vulnerabilities Could Let Hackers Disrupt Data Centers<\/a><\/p>\n

https:\/\/www.securityweek.com\/critical-hvac-and-ups-vulnerabilities-could-let-hackers-disrupt-data-centers\/<\/a><\/p>\n

Publish Date: 2026-06-10 08:07:00<\/a><\/p>\n

Source Domain: www.securityweek.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n

Researchers at cyber-physical systems security firm Claroty have uncovered multiple vulnerabilities in two widely deployed HVAC and UPS products used in data centers, demonstrating how attackers could exploit them to launch disruptive remote attacks.<\/p>\n

The researchers targeted network cards designed to provide a network interface for uninterruptible power supply devices made by Vertiv.<\/p>\n

\u201cUPSs are heavily used in data centers to maintain operations in the event of a power outage; they also protect systems from power spikes and drops, and enable safe shutdowns,\u201d Claroty noted.<\/p>\n

The security firm\u2019s researchers found that the Vertiv network cards, which provide a default web interface for UPS devices, are affected by two vulnerabilities: an authentication bypass flaw and a remote code execution vulnerability.<\/p>\n

Chaining the two security holes can allow an attacker to remotely access the targeted UPS and execute arbitrary code, potentially causing significant operational disruptions.<\/p>\n

\u201cWhat makes [the vulnerabilities] especially concerning is the context: in large data centers, virtually all computing equipment relies on UPS devices to stay online during power issues,\u201d Claroty explained. \u201cAny weakness in those UPS communication modules can directly affect the machines they protect.\u201d<\/p>\n

Separately, Claroty researchers analyzed the Trane Tracer SC+ HVAC controller, which is widely used in data centers and other critical environments worldwide.Advertisement. Scroll to continue reading.<\/p>\n

They discovered several flaws, including authentication bypass, remote code execution, DoS, and sensitive information disclosure issues.\u00a0<\/p>\n

\u201cThe vulnerabilities are highly exploitable and, if weaponized, could allow unauthenticated remote code execution (RCE) and extensive sensitive information disclosure. In practice, this could give an attacker complete control over a critical building management system from the outside,\u201d Claroty said.\u00a0<\/p>\n

\u201cData center servers generate enormous amounts of heat, and an HVAC failure is far more than a comfort issue. It can trigger thermal shutdowns, damage expensive hardware, cause major service disruptions, and lead to millions of dollars in losses,\u201d the company noted.<\/p>\n

Claroty reported its findings to Trane and Vertiv and worked with them to patch the vulnerabilities.<\/p>\n

Related: ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Phoenix Contact<\/p>\n

Related: Real-World ICS Security Tales From the Trenches<\/p>\n

Related: Critical Vulnerability Exposes Industrial Robot Fleets to Hacking<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Critical HVAC and UPS Vulnerabilities Could Let Hackers Disrupt Data Centers https:\/\/www.securityweek.com\/critical-hvac-and-ups-vulnerabilities-could-let-hackers-disrupt-data-centers\/ Publish Date: 2026-06-10…<\/p>\n","protected":false},"author":1,"featured_media":229356,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.securityweek.com\/wp-content\/uploads\/2024\/09\/Data-center-Cybersecurity-1.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[31,27],"class_list":["post-229355","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/229355"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=229355"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/229355\/revisions"}],"predecessor-version":[{"id":229357,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/229355\/revisions\/229357"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/229356"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=229355"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=229355"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=229355"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}