Attacking UPS Network Cards to Take Down Data Centers
Two critical vulnerabilities with CVSSv3 scores of 9.8 were discovered in Vertiv's Liebert IS-UNITY-DP UPS network cards. These internet-connected devices are used for power management in data centers. Exploiting these flaws could disrupt power management operations, impacting data center availability. Vertiv has released updates addressing both vulnerabilities. The research highlights the importance of including UPS infrastructure in an organization's cyber-physical security considerations.
AI Analysis
Technical Summary
Security researchers from Team82 identified two critical vulnerabilities in Vertiv's Liebert IS-UNITY-DP network cards used in UPS systems. Both vulnerabilities received a CVSSv3 score of 9.8, indicating severe risk. The flaws allow attackers to compromise the network cards, potentially disrupting power management operations that support data centers. This research underscores the risk posed by cyber-physical attack surfaces such as UPS infrastructure. Vertiv has issued patches to remediate these vulnerabilities.
Potential Impact
Successful exploitation could lead to disruption of power management functions in data centers, potentially causing outages or operational interruptions. This impacts the availability of critical infrastructure reliant on UPS systems. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
Vertiv has provided official updates that address both vulnerabilities in the Liebert IS-UNITY-DP network cards. Organizations using these devices should apply the vendor-supplied patches promptly to mitigate the risk. No additional mitigation steps are indicated by the vendor advisory.
Attacking UPS Network Cards to Take Down Data Centers
Description
Two critical vulnerabilities with CVSSv3 scores of 9.8 were discovered in Vertiv's Liebert IS-UNITY-DP UPS network cards. These internet-connected devices are used for power management in data centers. Exploiting these flaws could disrupt power management operations, impacting data center availability. Vertiv has released updates addressing both vulnerabilities. The research highlights the importance of including UPS infrastructure in an organization's cyber-physical security considerations.
Reddit Discussion
Team82 uncovered two vulnerabilities in Vertiv’s Liebert IS-UNITY-DP network cards, both assessed a CVSSv3 score of 9.8, and demonstrated how weaknesses in these internet-connected devices could be leveraged to disrupt power management operations supporting data centers.
The research explores attack paths, potential impacts on availability, and why UPS infrastructure should be considered part of an organization's cyber-physical attack surface.
Vertiv has provided updates that address both flaws.
Read the technical deep dive here: https://claroty.com/team82/research/attacking-ups-network-cards-to-take-down-data-centers
Links cited in this discussion
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Security researchers from Team82 identified two critical vulnerabilities in Vertiv's Liebert IS-UNITY-DP network cards used in UPS systems. Both vulnerabilities received a CVSSv3 score of 9.8, indicating severe risk. The flaws allow attackers to compromise the network cards, potentially disrupting power management operations that support data centers. This research underscores the risk posed by cyber-physical attack surfaces such as UPS infrastructure. Vertiv has issued patches to remediate these vulnerabilities.
Potential Impact
Successful exploitation could lead to disruption of power management functions in data centers, potentially causing outages or operational interruptions. This impacts the availability of critical infrastructure reliant on UPS systems. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
Vertiv has provided official updates that address both vulnerabilities in the Liebert IS-UNITY-DP network cards. Organizations using these devices should apply the vendor-supplied patches promptly to mitigate the risk. No additional mitigation steps are indicated by the vendor advisory.
Technical Details
- Source Type
- Subreddit
- cybersecurity
- Reddit Score
- 0
- Discussion Level
- minimal
- Content Source
- reddit_link_post
- Post Type
- link
- Domain
- null
- Newsworthiness Assessment
- {"score":27,"reasons":["external_link","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":[],"foundNonNewsworthy":[]}
- Has External Source
- true
- Trusted Domain
- false
Threat ID: 6a344f7df198dc38c1788618
Added to database: 6/18/2026, 8:05:17 PM
Last enriched: 6/18/2026, 8:05:22 PM
Last updated: 6/18/2026, 11:57:04 PM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.