APC by Schneider Electric Network Management Cards (NMC) and NMC Embedded Devices
Monitor6.8SEVD-2021-313-03Nov 9, 2021
Attack VectorNetwork
Auth RequiredNone
ComplexityHigh
User InteractionRequired
Summary
Schneider Electric NMC2 and NMC3 network management cards and embedded devices contain cross-site scripting vulnerabilities that allow injection of malicious code into the web management interface. These vulnerabilities could lead to data disclosure or loss of device functionality. The affected products include Smart-UPS, Symmetra, Galaxy, Symmetra PX, and other UPS systems; Rack PDUs and InfraStruxure PDUs; Rack ATS devices; NetBotz environmental monitoring; battery management systems; and various cooling products. Fixes are available for NMC2 AOS v7.0.4+, NMC2 SYPX v7.0.4+, NMC3 v1.5.0+, and NMC2 RPDU2G v7.0.6+.
What this means
What could happen
An attacker who gains network access to the management interface could inject malicious code or steal sensitive data from the device. This could disrupt monitoring and remote control of your UPS systems, PDUs, and other critical infrastructure, potentially affecting power availability to your facility.
Who's at risk
This vulnerability affects any organization using APC by Schneider Electric uninterruptible power supplies (UPS), power distribution units (PDUs), automatic transfer switches (ATS), battery management systems, cooling units, and environmental monitoring products that have an embedded NMC2 or NMC3 network management card. Utilities, data centers, hospitals, and municipal facilities that rely on these products for mission-critical power monitoring and management should prioritize assessment.
How it could be exploited
An attacker must reach the web management interface of an affected NMC2 or NMC3 card over the network and interact with the user interface. The vulnerability likely involves submitting malicious input through web forms or URL parameters that bypass input validation, allowing cross-site scripting (XSS) attacks that execute in the browser of an administrator viewing the interface.
Prerequisites
- Network access to the NMC2 or NMC3 management web interface (typically port 80/443)
- No authentication required to exploit the vulnerability
- User interaction required - an authenticated administrator must view a malicious page or link
Remotely exploitable over networkCross-site scripting (XSS) vulnerabilityCould lead to data disclosure or loss of device functionalityAffects UPS and critical power infrastructureNo authentication required for the vulnerabilityUser interaction required (admin must view malicious page)EPSS score 0.5% (low exploitation probability)
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (65)
65 with fix
ProductAffected VersionsFix Status
1-Phase Uninterruptible Power Supply (UPS) using NMC2 Smart-UPS Network Management Card 2 AOS≤ 6.9.8>=7.0.4
1-Phase Uninterruptible Power Supply (UPS) using NMC2 Symmetra Network Management Card 2 AOS≤ 6.9.8>=7.0.4
1-Phase Uninterruptible Power Supply (UPS) using NMC2 Galaxy 3500 Network Management Card 2 AOS≤ 6.9.8>=7.0.4
3-Phase Uninterruptible Power Supply (UPS) using NMC2 Symmetra PX 250 (SYPX) Network Management Card 2 AOS≤ 6.9.6>=7.0.4
3-Phase Uninterruptible Power Supply (UPS) using NMC2 Symmetra PX 500 (SYPX) Network Management Card 2 AOS≤ 6.9.6>=7.0.4
Remediation & Mitigation
0/9
Do now
0/2Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P) PDPB150G6F Network Management Card AOS 2
HARDENINGRestrict network access to NMC2/NMC3 management interfaces using firewall rules - allow only from trusted engineering workstations and management networks
All products
HARDENINGDisable direct internet access to NMC management interfaces; manage devices only from a dedicated internal network or jumphost
Schedule — requires maintenance window
0/7Patching may require device reboot — plan for process interruption
1-Phase Uninterruptible Power Supply (UPS) using NMC2 Smart-UPS Network Management Card 2 AOS
HOTFIXUpdate NMC2 AOS firmware to version 7.0.4 or later for Smart-UPS, Symmetra, and Galaxy 3500 UPS models
HOTFIXUpdate NMC2 SYPX firmware to version 7.0.4 or later for Symmetra PX UPS models (contact support for availability)
HOTFIXUpdate NMC3 firmware to version 1.5.0 or later for Smart-UPS, Symmetra, and Galaxy 3500 UPS models
Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P) PDPB150G6F Network Management Card AOS 2
HOTFIXUpdate NMC2 firmware to version 7.0.4 or later for Symmetra PX 48/96/100/160 kW (PX2), Symmetra PX 20/40 kW (SY3P), Gutor, and Galaxy models
APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2 Network Management Card AOS 2
HOTFIXUpdate NMC3 firmware to version 1.5.0 or later for 2G Metered/Switched Rack PDUs
HOTFIXUpdate NMC2 firmware to version 7.0.6 or later for Rack PDU 2G and InfraStruxure PDU models
HOTFIXUpdate NMC2 firmware to version 7.0.4 or later for all other affected PDUs, ATS, cooling, and battery management products
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/feafdd80-c317-4d74-a893-e7554b95410a