I don’t consider snmp to be a big issue, unless someone set up “public” with write access.
The ups software running on the windows machine would be running as system and would be able to execute whatever it wanted. Usually it’s connecting to the ups through some method (IP, usb serial) to figure out what state it’s in, how much runtime is remaining, and if it needs to execute any stored scripts.
How do you get a compromised UPS to upload scripts to the windows machine? That I’m not too sure about. I don’t think I’ve seen an ups management system that has that capability.
I don’t consider snmp to be a big issue, unless someone set up “public” with write access.
The ups software running on the windows machine would be running as system and would be able to execute whatever it wanted. Usually it’s connecting to the ups through some method (IP, usb serial) to figure out what state it’s in, how much runtime is remaining, and if it needs to execute any stored scripts.
How do you get a compromised UPS to upload scripts to the windows machine? That I’m not too sure about. I don’t think I’ve seen an ups management system that has that capability.