Posted: 2022-03-09 02:31 PM
Seeing that there was a new Wizard released for security vulnerabilities I decided to try and update my SMT1500 UPSs firmware.
I started the Firmware Update Wizard and it said the UPS could be updated. (The UPS display lists the current Firmware as UPS 09.6 ID 18. The wizard lists id's of
So I was surprised to see the Wizard show me two possible Firmware Files:
Which one am I supposed to actually use? I also have an SMT1500C. Which file is good for that one (ID 1015 - 39 I think)?
Posted: 2022-03-09 03:15 PM
I did look at the referenced FAQ. But when I looked at the Security warning at https://regmedia.co.uk/2022/03/09/schnieder_advisory.pdf it seemed to say that 'affected versions' (for one of the vulnerabilities) was '9.8 or earlier' in my case of ID 18.
But thinking about it, even the other file seems to only be '9.8' judging from the file name.
I guess I also thought that it would tell me if I actually needed the update (but maybe that doesn't happen until you pick the correct file).
In any event, it would still be nice to know what file I'm supposed to use (since it wasn't obvious to me).
The Wizard documentation boldly stated
"Note: As shown in the above table, in some cases, there are two or more firmware images listed for the same UPS ID. This confusion is taken care by a new feature in Firmware Upgrade Wizard v4.3, that shows only the relevant and latest firmware for the connected UPS. "
which left me doubly confused (since I still saw more than one choice).
Posted: 2022-03-11 09:33 AM
Our engineers are working on upgraded firmware for the UPS listed. Once firmware is available the security bulletin will be update and links to the new firmware will be added.
Presently we have updated firmware for SmartConnect SMT and SMC Series. That firmware can be downloaded via the link in the bulletin, and customer that have there Smart Connected UPS connected to the cloud are being notified.
Here is an example of the notice.
To upgrade the firmware via the cloud see Schneider Electric FAQ FA340522
Posted: 2022-03-11 10:05 AM
As far as my SMT1500 / ID=18 device goes I'll take another stab when updated firmware is available.
Hopefully, only one file will be offered by the Wizard then.
As far as my new SMT1500C / ID=1015 goes I updated it using the 4.3 Wizard today.
(I am using this locally attached by USB at this time, and so it's not network connected).
Seeing these CVEs is one of the reasons why... You are exposing your systems to possible remote hacking.
I guess I can't get the extra 1 year battery warranty though unless I network connect it (at least long enough to register it).
Posted: 2022-03-21 03:01 PM
Here's a new question - not the OP's.
I have SmartConnect devices that I had to remove from that portal in order to get them under EcoStruxure IT.
So I'm NEVER going to get that alert - they are no longer in the cloud.
In fact, EcoStruxure IT can't tell me what the "ID" version is. Apparently that's not something they considered or track.
So how am I going to know if I have to - or when to - update these devices?
Posted: 2022-03-22 01:51 PM . Last Modified: 2022-10-19 01:01 AM
I suggest you post your question to https://community.se.com/t5/EcoStruxure-IT-forum/bd-p/ecostruxure-it-forum
Posted: 2022-03-28 08:08 AM
Back to the OP's original question.
I have an SMT1000RM2U.
I ran the Firmware Upgrade wizard and was presented with the same two files.
Which one am I supposed to actually use?
The first, the second, or both?
Posted: 2022-03-28 11:01 AM
Got this response from APC Support:
As per the article, please use SMT18UPS_09-6.enc
986-1525Q_UPS_09-8_ID18 is for a specific firmware fix for another SMT unit, not to be used unless advised.
And that information should have been supplied somewhere in the documentation...
Posted: 2022-08-26 09:44 AM
Resurrecting this post for @MysteryGuy_apc
APC re-issued https://www.apc.com/us/en/faqs/FA279197/
There is now an updated SMT18UPS_09-8.enc file for the 18 model UPS (previous version was 09-6).
Unfortunately, the SEVD-2022-067-02_APC-Smart-UPS_Security_Notification_V6.0.pdf continues to be extremely poorly written. In all the verbiage, there is no mention that the Firmware Wizard was updated from 4.3.0 to 4.3.1 and that it contains these new files.
Yes, there's a security vulnerability in our products, but we're APC and we are going to make it difficult for you to go about fixing it...
Posted: 2022-08-31 11:25 AM
I downloaded the 4.3.1 Wizard and ran it to the point it wanted me to select a file. (It says the SMT1500 can't be updated with load active, and it's a pain for me to re-plug things for updating and I wasn't ready to try).
The good news is that it only showed me one choice (hurray) for ID 18 this time.
It still seems confusing that https://www.apc.com/us/en/faqs/FA279197/ shows ID 18 as using a file that's named ending in '09-8.enc', but the 'Firmware version after upgrade' firmware is still listed as only 9.6.
Maybe I'm assuming too much about the naming scheme.