Security researchers from Armis have disclosed a set of three critical vulnerabilities in APC Smart-UPS devices, cumulatively called TLStorm vulnerabilities. A remote attacker can string these vulnerabilities together to take over Smart-UPS devices and carry out extreme attacks targeting both physical devices and IT assets. Armis’s report says that 8 out of 10 devices are vulnerable, which pushes around 16 million devices into the risk of TLStorm.