Release Notes for Smart-UPS & 1-Phase Symmetra Firmware v3.1

SwathiNaidu · ‎2024-10-20

Affected Revision Levels

Component	File	Details
Smart-UPS Application	snst_nmc3_su_3-1-1-1-v2.exe	UPS Application for Smart-UPS, Smart-UPS RT, Smart-UPS VT, MGE Galaxy 3500.
Symmetra Application	snst_nmc3_sy_3-1-1-1-v2.exe	UPS Application for 1-Phase Symmetra, Symmetra LX.

To upgrade to firmware version 3.0 or later, the only supported method is the Secure NMC System (SNS) Tool, which can be downloaded from www.apc.com/secure-nmc or by searching for SFNMC3FMTSU. To access the firmware in the software, a valid Secure NMC subscription is required. For more information, see the SNS Tool User Guide.

NOTE: If you upgrade to firmware version 2.0 or later, you cannot downgrade to a firmware version lower than 2.0.

If you downgrade from firmware version 2.4+ to a firmware version lower than 2.4, this will cause the card to be formatted, erasing all security certificates, encryption keys, configuration settings, and the event and data logs.

New Features

New Feature	UPS Family
New Feature	Smart-UPS	1-Phase Symmetra
Support added for user authentication via Lightweight Directory Access Protocol (LDAP).	♦	♦
Support added for baud rate 115,200 on the Console connection on Universal I/O port.	♦	♦
Support added for optional Spot Fluid Sensor (NBES0301).	♦
Support added for configuring Universal I/O sensors via the cfguio command on the Command Line Interface (CLI).	♦
Support added for remote authentication via the TACACS+ protocol. (Added for Smart-UPS application in v3.0).		♦
Security Updates
Support added for TLS 1.3.	♦	♦
Support added for SNMPv3 encryption via the SHA-256 and AES-256 protocols.	♦	♦
Password security has been updated to align with the requirements for IEC 62443-4-2. By default, passwords now need to be a minimum of 8 characters in length (strong password setting enabled). (Added for Smart-UPS application in v3.0)		♦

Fixed Issues

Fixed Issue	UPS Family
Fixed Issue	Smart-UPS	1-Phase Symmetra
Link-RX/TX LED is now working for all embedded NMC3s.	♦
Dates in SNMP, such as upsAdvIdentDateOfManufacture, are now available in the correct format, mm/dd/yyyy.	♦
The audit log of the Web UI is displayed in all supported languages.	♦
The NMC3 Web UI now allows passwords with up to 64 characters, as expected. (Added for Smart-UPS application in v3.0)		♦
For encrypted email settings, install CA certificate to the certificate store and set "Require CA Root Certificate" correctly. (Added for Smart-UPS application in v3.0)		♦
Improved TLS certificate for email. (Added for Smart-UPS application in v3.0)		♦
Security Update
The following security vulnerability has been addressed in this release: CWE-327: Use of a Broken or Risky Cryptographic Algorithm. This software uses a broken or risky cryptographic algorithm or protocol. Removed support in SSH for diffie-hellman-group14-sha1.	♦	♦
The following security vulnerability has been addressed in this release: CWE-598: Use of GET Request Method with Sensitive Query Strings. This software uses the HTTP GET method to process a request and includes sensitive information in the query string of that request. Configuration of HSTS is now independent from HTTP or HTTPS configuration. When HSTS is enabled, an STS header is added to all responses over HTTPS.	♦	♦
The following security vulnerability has been addressed in this release: CWE-307: Improper Restriction of Excessive Authentication Attempts. This software does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks. The account now gets locked after bad login attempts.	♦	♦
The following security vulnerabilities have been addressed in this release: CWE-523: Unprotected Transport of Credentials.Login pages do not use adequate measures to protect the user nameand password while they are in transit from the client to the server. CWE-319: Cleartext Transmission of Sensitive Information.The product transmits sensitive or security-critical data in cleartext in acommunication channel that can be sniffed by unauthorized actors. The user is now referred as an index rather than the user name NMC/KrtUvuh39YtQmHbyua297g/usercfg.htm?user=2.	♦	♦
The following security vulnerability has been addressed in this release: CWE-200: Exposure of Sensitive Information to An Unauthorized Actor SSH Cipher Block Chaining (CBC) cipher has been removed.	♦	♦
The following security vulnerabilities have been addressed in this release: CWE-74: Improper neutralization of special elements in output used bya downstream component (Injection) CWE-79: Improper neutralization of input during web page generation (Cross-site Scripting). (Added for Smart-UPS application in v3.0)		♦

Known Issues

Known Issue

There is no known issue in this release.

Hash Signatures

Signatures	snst_nmc3_su_3-1-1-1-v2.exe
CRC32	51F99D98
CRC64	0E8E079EEEEB03FF
SHA-256	55E762F6D3E8CF751527A30D109A730E5029BFED261A2D3AE4D645D2FFA0EA1F
SHA-1	D6D4181A620C0606863C6F808774F9C3E773F70D
BLAKE2sp	80A283A939A16A48ED554002F2E284AB862685370B2EDEF6FF51BF0232C65AB0

Signatures	snst_nmc3_sy_3-1-1-1-v2.exe
CRC32	63A316A1
CRC64	9B16BD59FB4FAA58
SHA-256	C9C2BA0E8CC0FFE7DE1716817E5AD74F19B46B8D80569F3E402BBA3D6A3FB6D7
SHA-1	929DFB72C2A94D71C2A0938FD0A675ABE8BAC4E9
BLAKE2sp	BCD8B84A96027231279FDC88B20363F2384DAF55D2C99E7A3F62B9DB3ABB4FB1

Release Notes for Smart-UPS & 1-Phase Symmetra Firmware v3.1

Related Forums

EcoStruxure IT forum

APC UPS Data Center & Enterprise Solutions Forum