Galaxy VS and Galaxy VL
Monitor · 5.3 · SEVD-2023-318-03 · Nov 14, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A path traversal vulnerability in Schneider Electric Galaxy VL and Galaxy VS uninterruptible power supply (UPS) systems allows an attacker with network access to the management interface to enumerate the file system and download files. The vulnerability affects Galaxy VS versions prior to 6.101 and Galaxy VL versions prior to 13.18.1. The NMC4 management module is the affected component.
What this means
What could happen
An attacker with network access to the UPS management interface could read files from the system, including potentially sensitive configuration data or credentials stored on the device.
Who's at risk
Data center operators and facility managers who rely on Galaxy VL or Galaxy VS UPS systems for backup power, from edge sites and small server rooms up to large data centers, in the energy sector and other mission-critical or business-critical environments.
How it could be exploited
An attacker sends a crafted HTTP request with path traversal sequences (e.g., ../ or similar) to the Galaxy VL or VS web interface. The server fails to properly sanitize the file path, allowing the attacker to navigate outside the intended directory and download arbitrary files from the UPS management system.
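The request pattern described above, and the server-side check that defeats it, as an added example written for this page (it is not Schneider Electric's code and makes no claim about how the NMC4 firmware is implemented). The web root, the URL paths and the access-log lines are constructed for illustration. The detector decodes percent-encoding repeatedly, so double-encoded sequences such as %252e%252e/ and backslash variants are caught as well as a plain ../:

```python
"""Path-traversal detection and a hardened path resolver (added example)."""
import posixpath
import re
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"  # hypothetical document root


def fully_decode(path: str, rounds: int = 3) -> str:
    """Percent-decode until the result stops changing (bounded), so that
    %2e%2e/ and the double-encoded %252e%252e/ both collapse to ../ ."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def vulnerable_resolve(request_path: str, root: str = WEB_ROOT) -> str:
    """The anti-pattern: glue the request path onto the root with no
    normalisation, so ../ segments walk out of the directory."""
    return posixpath.join(root, request_path.lstrip("/"))


def resolve_under_root(request_path: str, root: str = WEB_ROOT):
    """Hardened resolution: decode, treat backslashes as separators,
    normalise lexically, and refuse anything that escapes the root.
    Returns the absolute path, or None when the request is a traversal.
    (On a real filesystem also run os.path.realpath to defeat symlinks;
    this version stays purely lexical so it runs offline.)"""
    decoded = fully_decode(request_path.split("?", 1)[0]).replace("\\", "/")
    # normpath keeps a leading ".." on a *relative* path, e.g.
    # "static/../../etc/shadow" -> "../etc/shadow", which is what we test.
    normalised = posixpath.normpath(decoded.lstrip("/"))
    if normalised == ".." or normalised.startswith("../"):
        return None
    candidate = posixpath.normpath(posixpath.join(root, normalised))
    # Defence in depth: the result must still sit at or below the root.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


def is_traversal(request_path: str) -> bool:
    return resolve_under_root(request_path) is None


REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def scan_access_log(log_text: str):
    """Return (client_ip, raw_path) for every request that escapes the root."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_LINE.search(line)
        if not match:
            continue
        raw_path = match.group(1)
        if is_traversal(raw_path):
            hits.append((line.split(" ", 1)[0], raw_path))
    return hits


# Constructed sample log (Common Log Format); these are not real requests.
SAMPLE_LOG = """\
10.0.0.5 - - [14/Nov/2023:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 1532
10.0.0.9 - - [14/Nov/2023:10:01:07 +0000] "GET /../../etc/passwd HTTP/1.1" 200 2148
10.0.0.9 - - [14/Nov/2023:10:01:09 +0000] "GET /static/%2e%2e/%2e%2e/etc/shadow HTTP/1.1" 200 980
10.0.0.9 - - [14/Nov/2023:10:01:11 +0000] "GET /%252e%252e/%252e%252e/etc/hosts HTTP/1.1" 200 220
10.0.0.5 - - [14/Nov/2023:10:01:15 +0000] "GET /images/../css/style.css HTTP/1.1" 200 4120
"""

if __name__ == "__main__":
    for ip, path in scan_access_log(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: {path}")
    print("vulnerable:", vulnerable_resolve("/../../etc/passwd"))
    print("hardened:  ", resolve_under_root("/../../etc/passwd"))
```

Note that the fourth log line only looks like traversal after two rounds of decoding, and the last line contains ../ but is legitimate because it never leaves the root; a naive substring match on "../" would get both of those wrong.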
Prerequisites
- Network access to the Galaxy VL or VS management interface (typically port 80/443)
- No authentication required to exploit this vulnerability
remotely exploitable · no authentication required · low complexity · path traversal allows file enumeration and download · could expose configuration data and credentials
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
Galaxy VS | 6.82 | Fixed in 6.101
Galaxy VL | 12.21 | Fixed in 13.18.1
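One way to triage an inventory against the fixed versions in the table above, as an added example for this page (not a vendor tool). It compares versions component by component, because the obvious shortcut of comparing them as decimals gets this advisory wrong: 6.82 is less than 6.101 as a firmware version but greater as a float, and 13.18.1 is not a number at all. The hostnames and inventory entries are constructed:

```python
"""Firmware version triage against the advisory's fixed versions (added example)."""
from typing import Iterable, List, Tuple

# First non-affected version per product, taken from the advisory table.
FIXED_VERSION = {
    "Galaxy VS": "6.101",
    "Galaxy VL": "13.18.1",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Split a dotted version into an integer tuple so components compare
    numerically: (6, 82) < (6, 101), even though float("6.82") > float("6.101")."""
    return tuple(int(part) for part in version.strip().split("."))


def is_affected(product: str, version: str) -> bool:
    """True when the reported version is older than the fixed version
    (the advisory lists versions *prior to* the fix as affected)."""
    return parse_version(version) < parse_version(FIXED_VERSION[product])


def triage(inventory: Iterable[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """inventory: (hostname, product, running_version) triples.
    Returns the hosts still needing an update, with the target version."""
    return [
        (host, product, version, FIXED_VERSION[product])
        for host, product, version in inventory
        if is_affected(product, version)
    ]


# Constructed inventory; hostnames are hypothetical.
INVENTORY = [
    ("ups-a1", "Galaxy VS", "6.82"),
    ("ups-a2", "Galaxy VS", "6.101"),
    ("ups-b1", "Galaxy VL", "12.21"),
    ("ups-b2", "Galaxy VL", "13.18"),
    ("ups-b3", "Galaxy VL", "13.18.1"),
]

if __name__ == "__main__":
    for host, product, version, target in triage(INVENTORY):
        print(f"{host}: {product} {version} is affected, upgrade to {target}")
```

The ups-b2 entry shows the second pitfall: 13.18 sorts before 13.18.1 as a tuple, so a two-component version older than the three-component fix is correctly reported as affected.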
Remediation & Mitigation
Do now
WORKAROUND: Deploy a firewall with IP or MAC allow lists in front of the UPS management interface (NMC4), restricting access to authorized administration networks only. MAC-based filtering only applies on the local segment and is easy to spoof, so prefer IP allow lists enforced on a routed firewall.
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
Galaxy VS
HOTFIX: Upgrade Galaxy VS to version 6.101 or later
Galaxy VL
HOTFIX: Upgrade Galaxy VL to version 13.18.1 or later
Long-term hardening
HARDENING: Implement network segmentation to isolate the UPS management interface from untrusted networks
CVEs (1)
API: /api/v1/advisories/a52d2a9d-2ffb-42ac-86e8-1c0b97852667