Emerson Appleton UPSMON-PRO

Risk Summary

Successful exploitation of this vulnerability could allow remote attackers to execute arbitrary code on affected installations of Appleton UPSMON-PRO.

CVEs (1)

Remediations

• According to Emerson, Appleton UPSMON-PRO is End of Life and unsupported. Any users still using the product are recommended to replace the product or apply the following mitigations based on your company policies and Cybersecurity Operational recommendations.
• Recommended Actions if not replaced:
• Block UDP port 2601 at firewall level for all UPSMON-PRO installations
• Isolate UPS monitoring networks from general corporate networks
• Implement network-level packet filtering to reject oversized UDP packets to port 2601
• Monitor for UPSMONProSer.exe service crashes as potential indicators of exploitation attempts
• Long-term Strategy Recommendation:
• Replace UPSMON-PRO with actively supported UPS monitoring solution
• Implement defense-in-depth strategies for critical power infrastructure monitoring

Affected Vendors

Affected Products (1)

Affected Sectors

Critical Manufacturing, Healthcare and Public Health