A team of security researchers discovered a vulnerability in the baseboard management controller (BMC) hardware used by Supermicro servers. The update mechanism doesn't implement code-signing verification to check whether the firmware was downloaded from a legitimate source. The vulnerability could be used to brick (permanently disable) the BMC or the entire system, creating an impact even more severe than the BlackEnergy KillDisk component. Supermicro has addressed the flaw by adding signature verification to the firmware update tool.
Source: https://securityaffairs.co/wordpress/75999/hacking/flaw-supermicro-servers.html