Release Notes for Smart-UPS v2.5.3.3 & 1-Phase Symmetra Firmware v2.5.3.2

SwathiNaidu · ‎2024-11-15

Affected Revision Levels

Component	File	Details
Smart-UPS Application	apc_hw21_su_2-5-3-3.nmc3	UPS Application for Smart-UPS, Smart-UPS RT, Smart-UPS VT, MGE Galaxy 3500.
Symmetra Application	apc_hw21_sy_2-5-3-2.nmc3	UPS Application for 1-Phase Symmetra, Symmetra LX.

For details on upgrading the UPS Network Management Card 3 (NMC 3) firmware, see the NMC3 User Guide.

NOTE: If you upgrade to firmware version 2.0 or later, you cannot downgrade to a firmware version lower than 2.0.

If you downgrade from firmware version 2.4+ or later to a firmware version lower than 2.4, this will cause the card to be formatted, erasing all security certificates, encryption keys, configuration settings, and the event and data logs.

New Features

New Feature

There is no new feature in this release.

Fixed Issues

Fixed Issue	UPS Family
Fixed Issue	Smart-UPS	1-Phase Symmetra
Downloading the Event Log via the Web UI works as expected when the language is set to Japanese.	♦	♦
Security Update
The following security vulnerability has been addressed in this release: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor SSH Cipher Block Chaining (CBC) cipher has been removed.	♦	♦
The following security vulnerabilities have been addressed in this release: CWE-523: Unprotected Transport of Credentials. Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server. CWE-319: Cleartext Transmission of Sensitive Information. The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The user is now referenced as an index rather than their username, for example: NMC/KrtUvuh39YtQmHbyua297g/usercfg.htm?user=2	♦	♦
The following security vulnerability has been addressed in this release: CWE-863: Incorrect Authorization The Network-Only user can only perform actions in the Web UI relevant to the user access level.	♦	♦
The following security vulnerability has been addressed in this release: CWE-20: Improper Input Validation Incoming BACnet packet sizes are now validated.	♦	♦
The following security vulnerability has been addressed in this release: CWE-598: Use of GET Request Method With Sensitive Query Strings. This software uses the HTTP GET method to process a request and includes sensitive information in the query string of that request. Configuration of HSTS is now independent from HTTP or HTTPS configuration. When HSTS is enabled an STS header is added to all responses over HTTPS.	♦	♦

Known Issues

Known Issue

There is no known issue in this release.

Hash Signatures

Signatures	apc_hw21_su_2-5-3-3.exe
CRC32	1B525C68
CRC64	1919EC007B13BC96
SHA-256	C641E5D549CB88F6CDF914A9BD79A3F450118FC9CE6ADA47EA35A5C96FFA77C1
SHA-1	BCF0BE585DD3E21AF7A3ADA8F7893B5A0B8F1198
BLAKE2sp	6DBF86236F9B6EE639B42A883F832182ADF9990D99801ECD5FA4B8D1E42F56FA

Signatures	apc_hw21_sy_2-5-3-2.exe
CRC32	04E90885
CRC64	20EA59213CDCA39E
SHA-256	091163C905F29652AB41B4ABE12CA45402376B6CACD80E5911C9DDB2CC308134
SHA-1	FCFB7578356DFC98253BDDCBA2C483AF76DF8A43
BLAKE2sp	50CC9F255DE9DF12FB94C3AAD92661500CBB05FEB4A5DEF8BCDF1691529D4736

Release Notes for Smart-UPS v2.5.3.3 & 1-Phase Symmetra Firmware v2.5.3.2

Related Forums

EcoStruxure IT forum

APC UPS Data Center & Enterprise Solutions Forum