Schneider Electric Galaxy VS, Galaxy VL, Galaxy VXL (Update A)
ICS-CERT ICSA-25-140-07, May 13, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Schneider Electric Galaxy VS, VL, and VXL uninterruptible power supply (UPS) systems contain an unauthenticated remote code execution vulnerability in the embedded Erlang/OTP SSH Server component used by the Network Management Card 4 (NMC4). The vulnerability allows attackers with network access to port 22/TCP to execute arbitrary commands without credentials, potentially compromising UPS monitoring and operations. Galaxy VS versions 6.118.0 and earlier, Galaxy VL versions 18.5.0 and earlier, and Galaxy VXL versions 15.21.0 and earlier are affected. This is actively being exploited in the wild.
What this means
What could happen
An attacker can execute arbitrary commands on the UPS monitoring card without authentication, potentially disabling monitoring of power systems or interrupting UPS operations in data centers and critical facilities.
Who's at risk
Data center operators, utilities, and any organization running Schneider Electric Galaxy VS, VL, or VXL 3-phase UPS systems used for power continuity and monitoring in critical infrastructure environments.
How it could be exploited
An attacker with network access to the SSH server (port 22/TCP) on the Network Management Card 4 (NMC4) can exploit the Erlang/OTP SSH vulnerability to gain unauthenticated remote code execution and run arbitrary commands on the UPS system.
Prerequisites
- Network connectivity to port 22/TCP on the NMC4
- SSH/SFTP/SCP enabled on the management card (default enabled)
- Actively exploited (KEV)
- Remotely exploitable
- No authentication required
- Low complexity attack
- CVSS 10.0 (critical)
- High EPSS score (50.3%)
- Affects monitoring and operational capability of critical power systems
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (3)
3 with fix
Product      Affected Versions   Fixed Version
Galaxy VS    ≤ 6.118.0           6.123.0
Galaxy VL    ≤ 18.5.0            18.10.0
Galaxy VXL   ≤ 15.21.0           15.29.0
Remediation & Mitigation
Do now
Galaxy VS
HOTFIX: Update Galaxy VS to version 6.123.0 or later
Galaxy VL
HOTFIX: Update Galaxy VL to version 18.10.0 or later
Galaxy VXL
HOTFIX: Update Galaxy VXL to version 15.29.0 or later
All products
WORKAROUND: Disable SSH/SFTP/SCP on the Network Management Card 4 by logging into the Web Interface, navigating to Configuration → Network → Console → Access, and unchecking the 'enable SSH/SFTP/SCP' checkbox
HARDENING: Implement firewall rules to block unauthorized access to SSH port 22/TCP on the NMC4
Long-term hardening
HARDENING: Segment the UPS management network from the business network using firewalls and network isolation
HARDENING: Implement physical access controls to prevent unauthorized personnel from accessing UPS systems and management interfaces
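As an added triage example (not from the advisory or from Schneider Electric), the script below checks an inventory of NMC4 firmware versions against the fixed versions listed above and carries the SSH-enabled flag through so the workaround can be prioritised where the hotfix is not yet applied. The hostnames, the inventory rows and the "Some PDU" product are constructed sample data; it also shows why the comparison must be numeric rather than lexical.

```python
"""Flag Schneider Electric Galaxy UPS NMC4 firmware still affected by this advisory.

Fix thresholds come from the advisory above; the inventory rows are
constructed sample data, not real devices.
"""
from typing import Optional

# Lowest fixed version per product (from the advisory); anything below is affected.
FIXED_VERSIONS = {
    "Galaxy VS": "6.123.0",
    "Galaxy VL": "18.10.0",
    "Galaxy VXL": "15.29.0",
}


def parse_version(text: str) -> tuple:
    """Turn '18.5.0' into (18, 5, 0) so the comparison is numeric.

    A plain string compare would rank '18.5.0' above '18.10.0' and miss it.
    """
    return tuple(int(part) for part in text.strip().split("."))


def is_affected(product: str, version: str) -> Optional[bool]:
    """True if below the fixed version, False if fixed or later,
    None if the product is not covered by this advisory."""
    fixed = FIXED_VERSIONS.get(product)
    if fixed is None:
        return None
    return parse_version(version) < parse_version(fixed)


def triage(inventory):
    """Return the (host, product, version, ssh_enabled) rows still affected.

    ssh_enabled is kept because the advisory's workaround is to disable
    SSH/SFTP/SCP on the NMC4 until the hotfix is applied.
    """
    return [row for row in inventory if is_affected(row[1], row[2])]


# Constructed sample inventory: hostname, product, firmware, SSH enabled?
SAMPLE_INVENTORY = [
    ("ups-dc1-a", "Galaxy VS", "6.118.0", True),
    ("ups-dc1-b", "Galaxy VS", "6.123.0", True),
    ("ups-dc2-a", "Galaxy VL", "18.5.0", False),
    ("ups-dc2-b", "Galaxy VL", "18.10.0", True),
    ("ups-dc3-a", "Galaxy VXL", "15.21.0", True),
    ("pdu-dc3-a", "Some PDU", "1.0.0", True),
]
```

Running `triage(SAMPLE_INVENTORY)` lists the three devices below their fixed version; the Galaxy VL entry with SSH already disabled is still reported, since the workaround does not replace the hotfix.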
CVEs (1)