Network Management Card 4 (NMC 4) Galaxy VS
Firmware 6.101.0 Release Notes
Table of Contents
New Features.................................................................................................................................................................... 1
Fixed Issues ...................................................................................................................................................................... 2
Known Issues .................................................................................................................................................................... 2
Miscellaneous.................................................................................................................................................................... 5
The Galaxy VS application firmware version 6.98.0 release notes apply to the following NMC cards and products:
• AP9644 Network Management Card 4 (NMC4)
• See Knowledge Base article FAQ000265832 for the list of applicable SKUs.
New Features
For a list of features available in the NMC 4, refer to the Network Management Card 4 Feature List.
Top ↑
New Feature
Additional logging has been added for the following features:
TCP/IP, EventActions, SSH, Web, FTP, System, SNMP, Modbus and PCNS.
Note: Notifications by email and trap for audit log events is disabled by default.
All user types can now change their own password via the Web UI and CLI.
Note: Admin users can no longer change their own password without first entering their current password on the
Web UI and CLI. It will however be possible for an Admin user to change another users password without
entering the current password.
UPS ambient temperature is now readable from an NMC over Modbus.
Support added for Dell VxRail for PowerChute Network Shutdown v4.5 or higher.
It is now possible to configure the SNMP port for SNMP v1 and SNMP v3 trap receivers. This can be set through
the Web UI, CLI or the [Link].
1
�Fixed Issues
Top ↑
Fixed Issue
It is now possible to generate a Technical Support debug file if you are logged into the NMC via RADIUS. You no
longer need to log in as a local user to generate this file.
The Battery Type is now correctly reported as “Lithium Ion” on the UPS Battery Measurements page in the Web UI
when a Lithium-ion battery is used.
The Update using NTP option works as expected on both the initial and subsequent requests now.
Security Updates
The following security vulnerabilities have been addressed in this release:
• CVE-2023-6032: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability.
• CWE-269: Improper Privilege Management vulnerability exists that could cause a low privileged user to
escalate their privilege when that user logs in to the web application.
• CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists that could lead
to saved user provided information, that is not neutralized correctly, being interpreted as a command when
the file is opened by a spreadsheet product.
• CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a reboot of the
Network Management Card (NMC4) when an attacker sends partial HTTP connections to the web server.
The following third-party component has been updated to address cybersecurity vulnerabilities:
• OpenSSL: CVE-2023-0286, CVE-2022-4304, CVE-2022-4203, CVE-2023-0215, CVE-2022-4450, CVE-
2023-0216, CVE-2023-0217, and CVE-2023-0401.
Known Issues
Top ↑
Known Issue
When a reset is performed or self-signed TLS certificates are generated from the Web UI or the CLI on the Network
Management Card on the 29th of February, HTTPS may become unavailable as an invalid TLS certificate will be
created. We recommend you wait until the 1st of March on a leap year to run the gencert command on the
Network Management Card CLI. If browsing over the Web UI is essential, the Network Management Card can be
accessed over HTTP, however for cybersecurity reasons, we at Schneider Electric do not recommend this unless
absolutely necessary.
Traps with more than 200 characters are being truncated.
Configuration changes for Vendor Cookie sections are not reported in emails.
2
� Known Issue
Due to security enhancements, downgrading to a previous firmware version may result in some features not
working as expected. If a downgrade to a previous firmware version is required, the email authentication password
will need to be reset manually.
Some DER format certificates cannot be uploaded to the NMC using SCP. It is recommended that PEM format
certificates are used
As user SSL certificates are removed, and self-signed certificates are regenerated during a reset of all NMC
settings, when you are logged out after initializing a reset of all NMC settings, you must refresh the page before the
browser can connect to the NMC over HTTPS using the new SSL certificates.
After a reset of all NMC settings, you may be presented with the error “Maximum number of sessions exceeded”
when attempting to login to the NMC Web UI. The NMC should be accessible once again after 3 minutes.
Events related to the temperature and humidity probe connected to the Network Management Card are not
displayed in PowerChute Network Shutdown if the probe is connected after registration is complete. To prevent this
issue from occurring, connect the temperature and humidity probe to the Network Management Card before
completing the registration in PowerChute Network Shutdown. Alternatively, connect the probe after registration is
complete and restart the PCNS service.
When you attempt to login to the NMC Web UI following a soft reset, you will be immediately logged out following a
successful login. This can be resolved by closing and restarting the web browser.
When using a custom email server for a configured email recipient, if a recipient authentication password is set for
the email recipient, the settings for the recipient can no longer be changed using the email CLI command, unless
the password (-p) and confirm password (-d) arguments are included. Note that the settings can be changed
without any problems from the Web UI.
On very rare occasions following a soft reset, when SNMP is configured, the NMC does not communicate over
SNMP. On these occasions, a reboot of the NMC is required to resolve the issue. With some browsers, due to
auto-refresh functionalities, an inactive user may not be automatically logged out if the configured session timeout
is greater than 15 minutes. It is recommended that the session timeout for a user is no greater than 15 minutes.
The default is set to 3 minutes.
SSH and HTTPS connections will be unsuccessful if the private key is not generated in PEM.
It is not possible to register a PowerChute client that is using IPv6 with the NMC.
Disabling Syslog on a per-event basis does not work as expected. You can only disable Syslog using the event
action per-group option in the Web UI.
No event is logged when an SSL certificate is removed via the SSL Certificate Configuration page in the Web UI.
The “New self-signed certificate loaded” event will be logged if a new certificate is manually added or auto
generated if the old certificate is deleted or out of date.
You may be logged out unexpectedly from the Web UI if multiple Web UI tabs are open. This issue only occurs on
Google Chrome.
3
� Known Issue
When a user’s password is changed via the user command in the CLI and does not meet the password
requirements, a parameter error is displayed instead of “Password did not meet the requirements for a strong
password.”
There are discrepancies between the current time displayed in the Web UI and the CLI. The date command in
theCLI will report the current time in real-time, whereas the Web UI will display the browser’s current time with
respect to the UTC value set.
NOTE: The UPS HMI will also display the current time in real-time.
The Configure Events screen in PowerChute Network Shutdown v4.3 displays the “Communication Established
with EMC” and “Communication Lost with EMC” events. These events can be ignored as they are not supported.
When the optional NMC (AP9644) is inserted, some alarms and events are not logged on all the configured
interfaces (traps, emails, Syslog, Event Log). For example, the “Lost Communication” alarm is not logged as an
active alarm or sent as a trap/email.
When the Web UI is locally accessed via an internal IP address ([Link] / [Link]) and HTTP/HTTPS
is disabled, you can no longer access the UI using the disabled protocol. For example, if HTTP is disabled, you
cannot access the Web UI at [Link]
When adding a rule via the Firewall Configuration page in the Web UI, the table incorrectly includes the
Range/Subnet column, which is not currently supported.
The Notification Delay and Repeat Interval features for event actions do not behave as expected. For example, you
may receive multiple notifications for an active event.
You cannot connect to SNMPv1 using an IPv6 address. Use SNMPv3 as an alternative.
When you log out from the NMC serial console interface, the Current Sessions page in the Web UI still shows the
session as active.
File Transfer Protocol (FTP) is not available over IPv6.
When credentials are provided in StruxureWare Data Center Expert after adding the NMC via SNMP, the NMC still
requires login credentials when attempting to access the Web UI.
When Auto Configuration is disabled in the IPv6 Settings page in the Web UI, the NMC still displays the card’s IPv6
address, and the card is accessible using a DHCP IPv6 address.
No browser warning message is displayed in the Web UI when navigating without saving your changes.
When viewing the Event Details page in the Web UI for an event, you cannot disable the logging of an event to the
Event Log.
When accessing the Web UI using a smartphone, the Rule Configuration table on the Firewall Configuration page
is not responsive.
4
� Known Issue
When an SNMPv3 profile is enabled with a valid NMS IP/Host Name, you can connect to a MIB browser of another
system and not the configured SNMP profile. NOTE: The only supported value for NMS IP/Host Name for SNMPv3
is “[Link]”.
Miscellaneous
Recovering from a Lost Password
If you forget the Super User password, you can reset it back to its default of apc by holding down
the Reset button on the NMC’s faceplate for 15 seconds. The NMC’s Status LED will flash orange three times in a
short burst to indicate that the reset was successful. This action is logged to the Event Log.
Alternatively, you can reset the Super User password back to its basics in the Web UI (Control > Network > Reset
NMC Settings) or through the CLI interface (resetToDef). To reset the Super User password, Administrator, or
Network user privileges are required. Reset-related actions are logged to the Event Log.
Event Support List
To obtain the event names and event codes for all events supported by a currently connected device, first
retrieve the [Link] file from the attached NMC. To use SCP to retrieve [Link] from a configured NMC:
1. Open a connection to the NMC, using its IP Address:
scp <admin_username>@<ip_address>:[Link] <filename_to_be_stored>
2. Log on using the Administrator user name and password
The file is written to the folder from which you launched SCP.
In the [Link] file, find the section heading [EventActionConfig]. In the list of events under that section
heading, substitute 0x for the initial E in the code for any event to obtain the hexadecimal event code
shown in the user interface and in the documentation. For example, the hexadecimal code for the code
E0033 in the [Link] file (for the event "System: Configuration change") is 0x0033.
PowerNet MIB Reference Guide
NOTE: The MIB Reference Guide on the Schneider Electric website explains the structure of the MIB, types of
OIDs, and the procedure for defining SNMP trap receivers. For information on specific OIDs, use a MIB browser
to view their definitions and available values directly from the MIB itself. You can view the definitions of traps at
the end of the MIB itself (the file [Link] or higher on the Schneider Electric website).
Copyright © 2024 Schneider Electric. All rights reserved.
[Link]
TME39546
03-2024
