Browse FAQs

Treck TCP/IP Vulnerabilities (Ripple20)

Published date: 19 October 2020

Issue: 
Schneider Electric is aware of multiple vulnerabilities affecting Treck Inc.’s embedded TCP/IP stack, collectively known as Ripple20, which Treck disclosed publicly on June 16, 2020. Schneider Electric has determined multiple offers that are impacted.


To stay up to date on security notifications, please register for Schneider Electric Cybersecurity Notifications here: https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp.

Product Line: 
  • UPS Network Management Cards (NMC) (SmartSlot, pre-installed with Smart-UPS, Symmetra, Galaxy 3500, SUVT UPS, 3-phase Smart-UPS & Symmetra UPS)
  • Devices with an embedded Network Management Card include Smart-UPS, Symmetra, Galaxy UPS, Metered/Switched Rack PDUs, Rack Automatic Transfer Switches, Environmental Monitoring Units, Cooling.

A full list of impacted offers can be found here: Schneider Electric Security Notification.

Resolution:



This issue (specific CVE associated with the issues are listed in the security notification here - https://www.se.com/ww/en/download/document/SEVD-2020-175-01/) will be resolved via firmware upgrade, links to the various applications are listed below. This kBase is dedicated only to provide APC Network Management Cards firmware updates.

The download links will be updated as they are made available for download.

For support on performing a firmware upgrade, please visit https://www.apc.com/us/en/faqs/FA156047/.

NOTE: Certain vulnerability scanning software detects for the precense of the Treck stack, and the below firmware revisions may still scan as vulnerable although the issue has been fixed. Please contact the vendor of the scanning software to ensure the plugins have been updated to account for Treck fixes.



 
Products Firmware Update with mitigation
Smart-UPS, Symmetra, and Galaxy UPS with the following NMC2 SmartSlot models or embedded network management card:
 
  • AP9630/AP9630CH/AP9630J
  • AP9631/AP9631CH/AP9631J
  • AP9635/AP9635CH
Version: v6.9.2 & later

Application:
SUMX (SmartUPS & Galaxy 3500)

SY (Single Phase Symmetra)

Release notes

 
Network Management Card 3 (NMC3) SmartSlot card models:
 
  • AP9640/AP9640J
  • AP9641/AP9641J
Version: SmartUPS v1.3.3.1 & later

Application:
SU (SmartUPS & Galaxy 3500)

Release notes

 
APC Rack Power Distribution Units (PDU)

Embedded NMC2:
  • 2G Metered/Switched Rack PDUs with embedded NMC2 AP84XX, AP86XX, AP88XX, AP89XX
Version: v6.9.4 & later

Application:
RPDU2G

Release notes

 
Rack Automatic Transfer Switches (ATS)

Embedded NMC2
  • Rack Automatic Transfer Switches AP44XX
Version: v6.9.4 & later

Application:
ATS4G

Release notes

 
Environmental Monitoring

Embedded NMC2
  • NetBotz NBRK0250
Version: v6.9.4 & later

Application:
NB250

Release notes

 
Network Management Card 2 for Symmetra PX 20/40 kW UPS
 
  • AP9630/AP9631/AP9635
Version: v6.9.4 & later

Application:
SY3P

Release notes

 
Network Management Card 2 for Symmetra PX 48/96/100/160 kW UPS
 
  • AP9630/AP9631/AP9635
Version: v6.9.4 & later

Application:
PX2

Release notes

 
Network Management Card 2 for 400 and 500 kVA PMM
 
  • PMM400-ALAPMM400-ALAXPMM400-CUB
  • PMM500-ALA, PMM500-ALAXPMM500-CUB
Version: v6.9.4 & later

Application:
PMM

Release notes

 
Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU)
 
  • PD40G6FK1-M,PD40F6FK1-M,PD40L6FK1-M,PDRPPNX10-M,PD60G6FK1,PD60F6FK1,PD60L6FK1,PDRPPNX10,PD40E5EK20-M,PD40H5EK20-M
Version: v6.9.4 & later

Application:
XPDU

Release notes

 
Network Management Card 2 for Modular 150/175kVA PDU (XRDP)
 
  • PDPM150G6F, PDPM150L6F, PDPM175G6H
Version: v6.9.4 & later

Application:
XRDP

Release notes

 
Network Management Card 2 for Modular PDU/RPP (XRDP2G)
  • PDPM72F-5U,PDPM138H-5U,PDPM144F, PDPM138H-R,PDPM277H,PDPM288G6H
Version: v6.9.4 & later

Application:
XRDP2G

Release notes

 
Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P)
  • PDPB150G6F


 
Version: v6.9.4 & later

Application:
X84P

Release notes

 
Network Management Card 2 (NMC2) Cooling Products
  • Aquaflair TSA/TRA Chiller Touchscreen Display
  • Uniflair LE Perimeter Cooling Display for SKUs 
  • TDAV, TUAV, TDWV, TUWV, TDEV, TUEV, TDCV, TUCV, and HDCV
  • Uniflair LE DX Perimeter Cooling Display for SKUs IDAV, IDEV, IDWV, IUAV, IUEV, IUWV, IXAV, IXEV, IXWV, LDAV, LDEV, and LDWV
  • Uniflair LEL Perimeter Cooling Touchscreen Display for LDCV, and LUCV
  • InRow Cooling for series ACRP5xx, ACRP1xx, ACRD5xx, and ACRC5xx SKUs
  • InRow Cooling for series ACRC10x SKUs
  • InRow Cooling for series ACRD6xx and ACRC6xx SKUs
  • InRow Cooling Display for series ACRD3xx
  • InRow Cooling Display for series ACRC3xx
  • InRow Cooling for series ACSC1xx SKUs
  • InRow Cooling for series ACRD1xx and ACRD2xx
  • Ecoflair IAEC25/50 Air Economizer Display 







Please contact your local support team


 


Please revisit this page for future firmware updates relevant for your respective Schneider Electric products.

Was this helpful?

What can we do to improve the information ?

Can't find what you are looking for?

Reach out to our customer care team to receive information on technical support, assistance for complaints and more.