Become a TechRadar Insider
- Attackers are now targeting physical systems inside data center environments
- Power infrastructure vulnerabilities could shut down entire computing networks instantly
- Cooling system breaches may trigger overheating across server facilities
Modern data centers face a growing threat from cybercriminals who now target physical infrastructure components rather than just software systems, as attackers know compromising a single power device or climate control unit could trigger massive operational failures across entire computing facilities.
The financial stakes are extraordinarily high because downtime in these facilities often costs hundreds of thousands of dollars per hour.
Recent research from Claroty's Team82 has now uncovered severe vulnerabilities in two essential categories of data center equipment widely deployed across major facilities, raising concerns for users everywhere.
The silent risks hiding inside power and climate systems
The first set of problems affects Vertiv's Uninterruptible Power Supply (UPS) network cards, which maintain stable electricity during grid fluctuations or blackouts.
Any successful exploit of these flaws could effectively shut down every server and router depending on that power protection system.
The second discovery involves deeply buried weaknesses within Trane Tracer SC+ HVAC controllers that regulate temperatures in server rooms.
An attacker exploiting these issues could execute unauthenticated remote code and gain complete control over a building's environmental management systems without any prior access credentials.
Standard protections such as antivirus software may not fully cover these systems because they directly control physical infrastructure rather than just data.
This creates a risk where malware or targeted attacks could affect both digital services and the physical environment supporting them.
“Data centers must make a fundamental shift in how they redefine their cyber and operational resilience goals, given that a single cyber incident can lead to physical disruption, create safety hazards, or cause catastrophic downtime,” said Amir Preminger, CTO of Claroty and head of Team82.
“Our research shows that the risk to data center stability is very real and very present. Data center operators must move quickly to treat CPS protection as a business imperative to drive risk reduction and maintain operational uptime.”
Preminger also noted that increasing demand from cloud computing and AI is making these systems more critical than ever before.
The vulnerabilities were disclosed to manufacturers Trane and Vertiv, who worked with researchers to fix the issues before public release.
Data center operators need to act fast
The world now depends heavily on AI workloads running exclusively inside data centers that governments and industry increasingly treat as critical infrastructure.
Threat actors are simultaneously deploying AI-enabled attacks while targeting physical systems that sit outside traditional security perimeters.
A compromised UPS device cannot be fixed by rebooting a server because the power path itself becomes the attack surface.
Similarly, a weaponized HVAC controller could trigger automatic shutdowns across entire server rooms to prevent permanent hardware destruction.
Every data center operator must recognize that cyber-physical convergence means a single intrusion can cross from digital to physical domains almost instantly.
Securing power equipment and climate control panels against remote code execution is now just as critical as protecting customer databases.
No security team can afford to treat power gear and HVAC panels as secondary concerns behind firewalls and encryption protocols.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
