CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 10, 2026

Data Center OT Flaws Could Help Hackers Kill Power and AC

Data Breach Today Archived Jun 10, 2026 ✓ Full text saved

Claroty Warns of Downtime, 'Devastating' Impact of Vulnerabilities in OT Systems Vulnerabilities in backup power devices and heating and cooling control systems widely used in data centers could enable remote cyberattacks and result in costly downtime and "devastating" operational impact, according to new research from OT security firm Claroty.

Full text archived locally
✦ AI Summary · Claude Sonnet


    Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Governance & Risk Management Data Center OT Flaws Could Help Hackers Kill Power and AC Claroty Warns of Downtime, 'Devastating' Impact of Vulnerabilities in OT Systems Shaun Waterman • June 10, 2026     Credit Eligible Get Permission Vulnerabilities in backup power devices and heating and cooling control systems widely used in data centers could enable remote cyberattacks, according to Claroty researchers. (Image: Shutterstock) Vulnerabilities in backup power devices and heating and cooling control systems widely used in data centers could enable remote cyberattacks by hackers and digital saboteurs and result in downtime and "devastating" operational impact, according to new research from operational technology security firm Claroty. See Also: AI vs. AI: Leveling the Defense Playing Field Claroty's Israel-based threat research team Team82, which presented its findings Tuesday at the SANS ICS Security Summit in Orlando, Fla., found two high-severity vulnerabilities in Vertiv’s Liebert IS-UNITY-DP network cards, which provide connectivity for its uninterruptible power supply devices. Researchers also found five medium-severity vulnerabilities in the Trane Tracer SC+ HVAC controller. "We uncovered two vulnerabilities with a CVSS score of 9.8. What makes them especially concerning is the context: In large data centers, virtually all computing equipment relies on UPS devices to stay online during power issues," Team82 researcher Vera Mens wrote in a blog. In both cases, the vulnerabilities were responsibly disclosed to the manufacturers, and the latest versions of those products have been fixed to remove them. The Vertiv network card vulnerabilities meant that if the cards could be accessed over the internet, a remote attacker could log on to the configuration interface and shut off any equipment powered by the UPS device connected to the network card. Once logged in to the configuration interface, Mens said "an attacker can do real damage by requesting an 'output OFF' in a managed UPS configuration, which in 'UPS language' means shut down any powered-by-UPS device. In the case of a data center, an entire facility could be impacted by this one vulnerability." The HVAC vulnerabilities, Team82 said, could be chained together to provide unauthenticated remote code execution. "In practice," wrote researcher Amir Zaltzman, "this could give an attacker complete control over a critical building management system from the outside." Turning the air conditioning off in a data center isn't just a matter of making staff uncomfortable, Zaltzman said. "In these environments, cooling is just as important as computing. Data center servers generate enormous amounts of heat, and an HVAC failure … can trigger thermal shutdowns, damage expensive hardware, cause major service disruptions and lead to millions of dollars in losses." Data center outages can cost companies "hundreds of thousands of dollars an hour" in downtime, according to research by the Uptime Institute. The organization's 2026 survey found that outages cost more than $100,000 on average, and one-in-five costs more than $1 million. Geopolitical conflicts are making data centers bigger targets for attackers. Outages caused by Iranian drone strikes on Amazon Web Services data centers in the United Arab Emirates and Bahrain in March, damaged physical infrastructure and disrupted cloud services across the region. The attacks represent the first time in modern warfare that commercial data centers "became explicit kinetic targets," according to the World Economic Forum, which added that "the episode was widely interpreted as a watershed moment in the security meaning of cloud infrastructure." Both the United Kingdom and the European Union specifically call out cloud infrastructure facilities including data centers as critical national infrastructure, the World Economic Forum noted. In the U.S. data centers are part of the broader IT sector. HVAC systems within data centers "have become highly sensitive cyber-physical assets. In many ways, they are the digital brains behind the physical stability of the data center," Team82's Zaltzman said. The Team82 researchers, who were sheltering in place during the exchange of rockets this week between Israel and Iran, were unavailable for interview. But Claroty CTO Amir "Jumbo" Preminger, told ISMG by email that cyberattacks will increasingly become an alternative to kinetic strikes on data centers. "Looking at past events, we think that nations will use the same tactics to attack data centers to cause denial of service or, in the case of distributed computing, cause resource constraints to limit the compute availability," he said. Such attacks could be conducted through the power grid or by cyberattacks on OT devices. "Due to the current compute demand, any downtime that will be caused by attacking the data center support system will be catastrophic to services such as artificial intelligence hosted on that facility," Preminger said. He added that data centers could be on the target list of ransomware gangs as well as nation-state threat actors. The Data Center Coalition, a trade group that represents operators, did not respond to multiple requests for comment. The Team82 research has been verified by the U.S. Cybersecurity and Infrastructure Security Agency, which recently issued advisories about the Trane and the Vertiv device vulnerabilities, and assessed severity scores using the CVSS v3 framework. CISA recommended users keep their equipment up to date and "take defensive measures to minimize the risk of exploitation of these vulnerabilities," including minimizing network exposure and "ensuring they are not accessible from the internet."
    💬 Team Notes
    Article Info
    Source
    Data Breach Today
    Category
    ◇ Industry News & Leadership
    Published
    Jun 10, 2026
    Archived
    Jun 10, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗