Release Notes for Galaxy VS Firmware 6.101.0

CDiggin · ‎2024-06-26

The Galaxy VS application firmware version 6.101.0 release notes apply to the following NMC cards and products:

AP9644 Network Management Card 4 (NMC4)
See Knowledge Base article FAQ000265832 for the list of applicable SKUs.

New Features

For a list of features available in the NMC 4, refer to the Network Management Card 4 Feature List.

New Feature

Additional logging has been added for the following features:
TCP/IP, EventActions, SSH, Web, FTP, System, SNMP, Modbus and PCNS.

NOTE: Notifications by email and trap for audit log events is disabled by default.

All user types can now change their own password via the Web UI and CLI.

NOTE: Admin users can no longer change their own password without first entering their current password on the Web UI and CLI. It will however be possible for an Admin user to change another users password without entering the current password.

UPS ambient temperature is now readable from an NMC over Modbus.

Support added for Dell VxRail for PowerChute Network Shutdown v4.5 or higher.

It is now possible to configure the SNMP port for SNMP v1 and SNMP v3 trap receivers. This can be set through the Web UI, CLI or the config.ini.

Fixed Issues

Fixed Issue

It is now possible to generate a Technical Support debug file if you are logged into the NMC via RADIUS. You no longer need to log in as a local user to generate this file.

The Battery Type is now correctly reported as “Lithium Ion” on the UPS Battery Measurements page in the Web UI when a Lithium-ion battery is used.

The Update using NTP option works as expected on both the initial and subsequent requests now.

Security Updates

The following security vulnerabilities have been addressed in this release:

CVE-2023-6032: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability.
CWE-269: Improper Privilege Management vulnerability exists that could cause a low privileged user to escalate their privilege when that user logs in to the web application.
CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists that could lead to saved user provided information, that is not neutralized correctly, being interpreted as a command when the file is opened by a spreadsheet product.
CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a reboot of the Network Management Card (NMC4) when an attacker sends partial HTTP connections to the web server.

The following third-party component has been updated to address cybersecurity vulnerability:

OpenSSL: CVE-2022-4304.

Known Issues

Known Issue

When a reset is performed or self-signed TLS certificates are generated from the Web UI or the CLI on the Network
Management Card on the 29th of February, HTTPS may become unavailable as an invalid TLS certificate will be created. We recommend you wait until the 1st of March on a leap year to run the gencert command on the Network Management Card CLI. If browsing over the Web UI is essential, the Network Management Card can be accessed over HTTP, however for cybersecurity reasons, we at Schneider Electric do not recommend this unless absolutely necessary.

Traps with more than 200 characters are being truncated.

Configuration changes for Vendor Cookie sections are not reported in emails.

Due to security enhancements, downgrading to a previous firmware version may result in some features not working as expected. If a downgrade to a previous firmware version is required, the email authentication password will need to be reset manually.

Some DER format certificates cannot be uploaded to the NMC using SCP. It is recommended that PEM format certificates are used.

As user SSL certificates are removed, and self-signed certificates are regenerated during a reset of all NMC settings, when you are logged out after initializing a reset of all NMC settings, you must refresh the page before the browser can connect to the NMC over HTTPS using the new SSL certificates.

After a reset of all NMC settings, you may be presented with the error “Maximum number of sessions exceeded” when attempting to login to the NMC Web UI. The NMC should be accessible once again after 3 minutes.

Events related to the temperature and humidity probe connected to the Network Management Card are not displayed in PowerChute Network Shutdown if the probe is connected after registration is complete. To prevent this issue from occurring, connect the temperature and humidity probe to the Network Management Card before completing the registration in PowerChute Network Shutdown. Alternatively, connect the probe after registration is complete and restart the PCNS service.

When you attempt to login to the NMC Web UI following a soft reset, you will be immediately logged out following a successful login. This can be resolved by closing and restarting the web browser.

When using a custom email server for a configured email recipient, if a recipient authentication password is set for the email recipient, the settings for the recipient can no longer be changed using the email CLI command, unless the password (-p) and confirm password (-d) arguments are included. Note that the settings can be changed without any problems from the Web UI.

On very rare occasions following a soft reset, when SNMP is configured, the NMC does not communicate over SNMP. On these occasions, a reboot of the NMC is required to resolve the issue. With some browsers, due to auto-refresh functionalities, an inactive user may not be automatically logged out if the configured session timeout is greater than 15 minutes. It is recommended that the session timeout for a user is no greater than 15 minutes. The default is set to 3 minutes.

SSH and HTTPS connections will be unsuccessful if the private key is not generated in PEM.

It is not possible to register a PowerChute client that is using IPv6 with the NMC.

Disabling Syslog on a per-event basis does not work as expected. You can only disable Syslog using the event action per-group option in the Web UI.

No event is logged when an SSL certificate is removed via the SSL Certificate Configuration page in the Web UI. The “New self-signed certificate loaded” event will be logged if a new certificate is manually added or auto generated if the old certificate is deleted or out of date.

You may be logged out unexpectedly from the Web UI if multiple Web UI tabs are open. This issue only occurs on Google Chrome.

When a user’s password is changed via the user command in the CLI and does not meet the password requirements, a parameter error is displayed instead of “Password did not meet the requirements for a strong password.”

There are discrepancies between the current time displayed in the Web UI and the CLI. The date command in theCLI will report the current time in real-time, whereas the Web UI will display the browser’s current time with respect to the UTC value set.

NOTE: The UPS HMI will also display the current time in real-time.

The Configure Events screen in PowerChute Network Shutdown v4.3 displays the “Communication Established with EMC” and “Communication Lost with EMC” events. These events can be ignored as they are not supported.

When the optional NMC (AP9644) is inserted, some alarms and events are not logged on all the configured interfaces (traps, emails, Syslog, Event Log). For example, the “Lost Communication” alarm is not logged as an active alarm or sent as a trap/email.

When the Web UI is locally accessed via an internal IP address (169.254.251.1 / 169.254.252.1) and HTTP/HTTPS is disabled, you can no longer access the UI using the disabled protocol. For example, if HTTP is disabled, you cannot access the Web UI at http://169.254.252.1

When adding a rule via the Firewall Configuration page in the Web UI, the table incorrectly includes the Range/Subnet column, which is not currently supported.

The Notification Delay and Repeat Interval features for event actions do not behave as expected. For example, you may receive multiple notifications for an active event.

You cannot connect to SNMPv1 using an IPv6 address. Use SNMPv3 as an alternative.

When you log out from the NMC serial console interface, the Current Sessions page in the Web UI still shows the session as active.

File Transfer Protocol (FTP) is not available over IPv6.

When credentials are provided in StruxureWare Data Center Expert after adding the NMC via SNMP, the NMC still requires login credentials when attempting to access the Web UI.

When Auto Configuration is disabled in the IPv6 Settings page in the Web UI, the NMC still displays the card’s IPv6 address, and the card is accessible using a DHCP IPv6 address.

No browser warning message is displayed in the Web UI when navigating without saving your changes.

When viewing the Event Details page in the Web UI for an event, you cannot disable the logging of an event to the Event Log.

When accessing the Web UI using a smartphone, the Rule Configuration table on the Firewall Configuration page is not responsive.

When an SNMPv3 profile is enabled with a valid NMS IP/Host Name, you can connect to a MIB browser of another system and not the configured SNMP profile.

NOTE: The only supported value for NMS IP/Host Name for SNMPv3 is “0.0.0.0”.

Release Notes for Galaxy VS Firmware 6.101.0

Related Forums

EcoStruxure IT forum

APC UPS Data Center & Enterprise Solutions Forum