ICSA-25-140-07  ·  Published 2025-09-24

Schneider Electric Galaxy VS, Galaxy VL, Galaxy VXL (Update A)

CVSS 10.0 CRITICAL CISA KEV — Known Exploited

CVEs (1)

Remediations

  • If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploitation:
      1. Log on to the NMC4 via the Web Interface. Once logged in, navigate to the Console settings page from the menu bar by selecting Configuration -> Network -> Console -> Access.
      2. On the Console settings screen, uncheck the enable SSH/SFTP/SCP check box, then click Apply.
    As an alternative, set up network segmentation and implement a firewall to block all unauthorized access to SSH port 22/TCP.
    If assistance is needed applying the above mitigation, please contact our technical support team: https://www.se.com/ww/en/work/support/
    To learn more, we recommend reviewing the Network Management Card 4 Security Handbook, available here, for specific actions to secure your devices further: https://www.se.com/us/en/download/document/SPD_CCON-B8EJSJ_EN/
    To ensure you are informed of all updates, including details on affected products and remediation plans, subscribe to Schneider Electric's security notification service here: https://www.se.com/en/work/support/cybersecurity/security-notifications.jsp
  • Version 6.123.0 of Galaxy VS includes a fix for this vulnerability and is available through your local FSR by contacting Schneider Electric's Customer Care Center.
  • Version 18.10.0 of Galaxy VL includes a fix for this vulnerability and is available through your local FSR by contacting Schneider Electric's Customer Care Center.
  • Version 15.29.0 of Galaxy VXL includes a fix for this vulnerability and is available through your local FSR by contacting Schneider Electric's Customer Care Center.

Affected Vendors

Schneider Electric

Affected Products (6)

Schneider Electric · Galaxy VS <=6.118.0
Schneider Electric · Galaxy VS 6.123.0
Schneider Electric · Galaxy VL <=18.5.0
Schneider Electric · Galaxy VL 18.10.0
Schneider Electric · Galaxy VXL <=15.21.0
Schneider Electric · Galaxy VXL 15.29.0
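
To act on the version thresholds and the SSH mitigation listed above, the following added example (not part of the advisory or any Schneider Electric tooling) triages an asset inventory against them. The CSV layout, host names, status labels and the `ssh_enabled` column (the state of the NMC4 SSH/SFTP/SCP check box) are assumptions, and the sample rows are constructed.

```python
import csv
import io

# Thresholds copied from this advisory: model -> (last affected, first fixed).
THRESHOLDS = {
    "Galaxy VS": ((6, 118, 0), (6, 123, 0)),
    "Galaxy VL": ((18, 5, 0), (18, 10, 0)),
    "Galaxy VXL": ((15, 21, 0), (15, 29, 0)),
}

# Constructed sample inventory; hosts, layout and firmware values are made up.
SAMPLE_INVENTORY = """host,model,firmware,ssh_enabled
ups-a1,Galaxy VS,6.118.0,yes
ups-a2,Galaxy VS,6.123.0,yes
ups-b1,Galaxy VL,18.5.0,no
ups-b2,Galaxy VL,18.7.0,yes
ups-c1,Galaxy VXL,15.9.2,yes
ups-d1,Other UPS,1.0.0,yes
"""

def parse_version(text):
    """Turn '15.9.2' into (15, 9, 2) so 15.9.2 sorts below 15.21.0."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def triage(model, firmware, ssh_enabled):
    """Return FIXED, MITIGATED, EXPOSED, UNLISTED or NOT_COVERED for one unit."""
    if model not in THRESHOLDS:
        return "NOT_COVERED"
    try:
        version = parse_version(firmware)
    except ValueError:
        return "UNLISTED"  # firmware string missing or not numeric
    last_affected, fixed = THRESHOLDS[model]
    if version >= fixed:
        return "FIXED"
    if version > last_affected:
        # The advisory lists neither state for this range: check manually.
        return "UNLISTED"
    # Affected firmware: only the SSH/SFTP/SCP setting separates the two.
    return "EXPOSED" if ssh_enabled else "MITIGATED"

def triage_inventory(csv_text):
    # Map each host in the CSV to its triage status.
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: triage(r["model"], r["firmware"],
                              r["ssh_enabled"].strip().lower() == "yes")
            for r in rows}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:8} {status}")
```

A unit reported as MITIGATED still runs affected firmware, and the check does not account for a firewall blocking 22/TCP, which the advisory gives as the alternative mitigation.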

Affected Sectors

Commercial Facilities, Critical Manufacturing, Energy
