PT-2022-9284 · Apc · Symmetra+19
Published: 2022-01-28 · Updated: 2022-02-04 · CVE-2021-22814
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
APC Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2) versions prior to NMC2 AOS V6.9.8
APC Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2) versions prior to NMC2 AOS V6.9.6
APC Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU) with Network Management Card 2 (NMC2) versions prior to NMC2 AOS V6.9.6
APC Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3) versions prior to NMC3 AOS V1.4.2.1
APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2 versions prior to NMC2 AOS V6.9.6
APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3 versions prior to NMC3 AOS V1.4.0
APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP versions prior to NMC2 AOS V6.9.6
Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P) versions prior to NMC2 AOS V6.9.6
Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) versions prior to NMC2 AOS V6.9.6
Network Management Card 2 for Modular 150/175kVA PDU (XRDP) versions prior to NMC2 AOS V6.9.6
Network Management Card 2 for 400 and 500 kVA (PMM) versions prior to NMC2 AOS V6.9.6
Network Management Card 2 for Modular PDU (XRDP2G) versions prior to NMC2 AOS V6.9.6
Rack Automatic Transfer Switches (ATS) Embedded NMC2 versions prior to NMC2 AOS V6.9.6
Network Management Card 2 (NMC2) Cooling Products versions prior to NMC2 AOS V6.9.6
Environmental Monitoring Unit with embedded NMC2 (NB250) versions prior to NMC2 AOS V6.9.6
Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4) versions prior to NMC2 AOS V6.9.6
Description
A Cross-site Scripting vulnerability exists which could cause arbitrary script execution when a malicious file is read and displayed.
Recommendations
For APC Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 2 (NMC2), update to NMC2 AOS V6.9.8 or later.
For APC Symmetra PX 250/500 (SYPX) Network Management Card 2 (NMC2), update to NMC2 AOS V6.9.6 or later.
For APC Symmetra PX 48/96/100/160 kW UPS (PX2), Symmetra PX 20/40 kW UPS (SY3P), Gutor (SXW, GVX), and Galaxy (GVMTS, GVMSA, GVXTS, GVXSA, G7K, GFC, G9KCHU) with Network Management Card 2 (NMC2), update to NMC2 AOS V6.9.6 or later.
For APC Smart-UPS, Symmetra, and Galaxy 3500 with Network Management Card 3 (NMC3), update to NMC3 AOS V1.4.2.1 or later.
For APC Rack Power Distribution Units (PDU) using NMC2 2G Metered/Switched Rack PDUs with embedded NMC2, update to NMC2 AOS V6.9.6 or later.
For APC Rack Power Distribution Units (PDU) using NMC3 2G Metered/Switched Rack PDUs with embedded NMC3, update to NMC3 AOS V1.4.0 or later.
For APC 3-Phase Power Distribution Products using NMC2 Galaxy RPP, update to NMC2 AOS V6.9.6 or later.
For Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P), update to NMC2 AOS V6.9.6 or later.
For Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU), update to NMC2 AOS V6.9.6 or later.
For Network Management Card 2 for Modular 150/175kVA PDU (XRDP), update to NMC2 AOS V6.9.6 or later.
For Network Management Card 2 for 400 and 500 kVA (PMM), update to NMC2 AOS V6.9.6 or later.
For Network Management Card 2 for Modular PDU (XRDP2G), update to NMC2 AOS V6.9.6 or later.
For Rack Automatic Transfer Switches (ATS) Embedded NMC2, update to NMC2 AOS V6.9.6 or later.
For Network Management Card 2 (NMC2) Cooling Products, update to NMC2 AOS V6.9.6 or later.
For Environmental Monitoring Unit with embedded NMC2 (NB250), update to NMC2 AOS V6.9.6 or later.
For Network Management Card 2 (NMC2): AP9922 Battery Management System (BM4), update to NMC2 AOS V6.9.6 or later.
Fix
XSS
Affected Products
400/500 Kva
Ap9922 Battery Management System
Apc 3-Phase Power Distribution Products
Apc Rack Power Distribution Units
Apc Smart-Ups
Apc Symmetra Px 250/500
Apc Symmetra Px 48/96/100/160 Kw Ups
Environmental Monitoring Unit
Galaxy
Galaxy 3500
Gutor
Infrastruxure 150 Kva Pdu
Infrastruxure 40/60Kva Pdu
Modular 150/175Kva Pdu
Modular Pdu
Network Management Card 2
Network Management Card 3
Rack Automatic Transfer Switches
Symmetra
Symmetra Px 20/40 Kw Ups