Schneider Electric MGE Galaxy

2018: Critical vulnerabilities in modules of management of the Galaxy UPS

Experts of Positive Technologies Ilya Karpov, Evgeny Druzhinin and Stepan Nosov detected four vulnerabilities in modules of management of network uninterruptible power supply units of APC of Schneider Electric company which are used in the industry, medicine, an oil and gas sector, data processing centers, management systems for buildings and in other spheres. Two vulnerabilities received assessment in 10 points on CVSS v scale. 3 that corresponds to the highest level of danger, reported on April 20, 2018 in Positive Technologies.

Security concerns are revealed in modules of management of APC MGE SNMP/Web Card Transverse 66074 set in uninterruptible power supply units of Galaxy 5000/6000/9000, EPS 7000/8000/6000, Comet UPS/3000, Galaxy PW/3000/4000, STS (Upsilon and Epsilon).

The first vulnerability of CVE-2018-7243 (assessment 10) in the built-in Web server (port 80/443/TCP) allows the removed malefactor to get full access to management of the UPS bypassing an authentication system that poses a threat of continuity of operation of the equipment connected to the power supply network.

For vulnerability elimination the producer recommends to replace the vulnerable module of management with NMC kit G5K9635CH in the Galaxy 5000, Galaxy 6000, Galaxy 9000 UPS, and for MGE EPS 7000 and MGE EPS 8000 it is necessary to install the module of management NMC kit G9KEPS9635CH. For other vulnerable UPSes replacement is absent. Besides, the vendor recommends to follow standard rules of ensuring cyber security for risk minimization.

The second vulnerability of the built-in Web server (port 80/443/TCP) consists in a possibility of obtaining sensitive information on uninterruptible power supply unit (CVE-2018-7244, assessment 5.3). Operation of the third vulnerability (CVE-2018-7245, assessment 7.3) allows the malefactor to change different parameters of the device, including shutdown parameters without authorization. For elimination of these two vulnerabilities it is necessary to include authentication for all HTML pages on the page of access control (it can be made by the user at the UPS initial installation).

The fourth vulnerability (CVE-2018-7246, assessment 10) gives to the removed malefactor the chance to intercept given to an account of the administrator. If on the device SSL is not activated, at a request of the page of access control data of the account will be sent in open form. The producer recommends to use the SSL mode as the mode by default and in addition to control access to control interfaces, applying, for example, the Modbus RTU interface in the UPS together with the Modbus/SNMP-gateway.

2016: 60 and 80 kVA Schneider Electric MGE Galaxy 300

February, 2016 Schneider Electric announced expansion of a line of the uninterruptible power supply units (UPSU) of Galaxy 300 due to adding of models in it 60 and 80 kVA. These models, suitable for the enterprises of different scale, offices and small server rooms, provide effective and reliable protection of power supply, preventing idle times of the responsible equipment and data loss, differing at the same time in price appeal and simplicity of installation. Besides, new UPSes allow to reduce operating costs and costs for cooling thanks to the high efficiency and distortions of an input current less than 3.5% at an overall load.

For the purpose of ensuring high operational readiness, the kVA Galaxy 300 from 10 to 80 UPS are standardly equipped with a connectivity to two inputs of power supply and use the scheme of double conversion providing zero transition time on batteries. The internal electronic bypass prevents power supply interruption by switching to mains supply at big overloads. In need of creation of schemes with reservation the connected equipment can be powered from two UPSes connected in parallel. In addition, a system provides to users options of creation of the UPS configuration with the built-in batteries, (providing up to 10 minutes of smooth operation), or the UPS with the umoshchnenny charger and external batteries (that allows to prolong work for a while till four o'clock).

To control the needs for the electric power and to manage a status of the device it is possible as from a frontal panel and remotely, through simple Web/SNMP the interface. The UPS is supplied with the graphics display, convenient for perception, with support of 18 languages, including Russian, a symbolic circuit of the current operation mode and a possibility of sound notifications.

Galaxy 300 from 10 to 80 kVA differ in convenience of installation and also are supplied a number of the functions allowing to optimize compliance to regulatory requirements, possibilities of maintenance and operational qualities of a system throughout its service life. The built-in service bypass allows to disconnect completely the UPS from loading, without interrupting its power supply, and the oar door and sliding panels provide convenience of maintenance in limited space. Saving of time at installation is reached at the expense of configurations with the wide or narrow tower case which is easily integrated both into new and into already existing equipment and also due to accurate and evident marking of connections. Screens with the consecutive hint and the intuitive menu provide speed and ease of setup and system navigation.

Among additional opportunities of the UPS It should be noted:

• The double entry of power supply allowing to create schemes with one or two independent sources of power supply;
• The input with compensation of electrical power factor eliminating need for overestimate of rated characteristics of cables, time cut-outs and generators;
• Possibilities of selection of battery life over a wide range, using the built-in or external batteries;
• The configurations with a three-phase input and a three-phase exit and a three-phase input and a single-phase exit allowing to select the corresponding option for required distribution of power supply;
• Compliance to requirements of the directive RoHS (restriction for use of harmful materials).

KVA Galaxy 300 from 10 to 80 UPSes are delivered through partners and contractors in electrotechnical works.

2013

Schneider Electric MGE Galaxy 300i

exit of this system of uninterrupted power the Schneider Electric company reported on June 28, 2013. The Galaxy 300i UPS provides a reliable power supply of the responsible applications requiring presence of galvanic isolation. Galaxy 300i is the simple and reliable solution for protection of the responsible equipment of the small and medium enterprises, commercial buildings and technical objects. A system is intended for effective protection of power supply, provides simplicity of installation and the best price relation and characteristics.

Galaxy 300i is the three-phase uninterruptible power supply unit which is completely conforming to requirements of RoHS (restriction for use of harmful materials in construction of the UPS). Efficiency with the built-in output transformer of galvanic isolation reaches 90.5%. So high efficiency allows to reduce operating costs and expenses on cooling in the average and long term.

In architecture of the Galaxy 300i UPS the topology of double conversion which provides permanently high quality of tension for loading is applied. The device is also equipped with the built-in transformer of galvanic isolation and an internal mechanical bypass for additional increase in availability of power supply. These features in combination with compact construction and simplicity of installation meet all major requirements of customers which need the 3-phase UPS with the power range from 10 to 40 kVA.

Schneider Electric MGE Galaxy 5500

MGE Galaxy 5500 is the system of protection of three-phase power supply with the power range of 20 — 120 kVA, expected the broad range of requirements. Distinctive features of innovation are: the improved efficiency, the lowered noise level, the increased reliability, the optimized dimensions (thanks to a configuration "all in one"), convenience in service and also a possibility of increase in power of the UPS in use and parallel connection up to 6 devices. The UPS complete set is also expanded: the communication adapter with support of ModBus and TCP/IP is included in the delivery. Thanks to it MGE Galaxy 5500 is conveniently integrated into IT infrastructure: the preset payment of network administration is compatible to IP v6, SNMP v3 and a packet of PowerChute.

For increase in reliability of a power supply system, the double entry of a power supply allowing to connect two separate power sources and also redundant components guaranteeing uninterrupted operation is provided in model.

Power part of the UPS is executed on bipolar transistors with an isolated gate (IGBT) that provides high quality of a power supply at the output of the UPS: stable, without distortions tension provides long term of service of the protected equipment.

2011: Schneider Electric MGE Galaxy 300

The division of IT Business (APC by Schneider Electric) of Schneider Electric company, announced in June, 2011 the beginning of release of uninterruptible power supply unit of MGE Galaxy 300. Galaxy 300 is the simple and reliable solution for protection of the electrotechnical equipment at the small and medium enterprises, in commercial buildings and in technical departments. This system provides reliable support of power supply, ease of installation and has optimal price relation and efficiency.

Galaxy 300 is the three-phase UPS which is completely meeting the requirements for restrictions for the content of harmful substances (RoHS). Efficiency of uninterruptible power supply unit reaches 93% that is about 5% higher, than at other UPSes with similar characteristics. It helps to reduce operating expenses and cooling in the medium and long term.

In this UPS the topology of double conversion is applied that promotes stability and reliability at power supply. Galaxy 300 provides up to 30 minutes of independent operation from the built-in battery and has an internal mechanical bypass for increase in level of uninterrupted operation of power supply. These characteristics in combination with compact construction and convenience of installation meet the main requirements of the customers selecting the 3-phase UPS from power range of 10 — 40 kVA.

"Responses of our partners and main customers showed that smooth operation, reliability, controllability and convenience is requirements to which there should correspond the UPS on protection of the critical equipment which is not relating to IT area, – Kharitonov Nikolay, the Head of Department on work with partners of division of IT Business (APC by Schneider Electric) of the company of "Schneider Electric' noted. — The equipment of production lines or technology processes which cannot be stopped before end of a cycle needs just the same protection, as well as the IT equipment server and DPCs. Galaxy 300 was created with emphasis for work on such sections and will be on sale only through electrotechnical partners of Schneider Electric".

Users can trace and control the needs for power supply both locally, and far off via the simple interface on a basis on the basis of the web browser and SNMP with convenient information representation in 18 languages, including Russian.

For convenience of distribution of power supply configurations of an input and an exit are offered: "three phases — one phase" and "three phases — three phases". It became much simpler to service Galaxy 300 even in the conditions of limited space, thanks to a possibility of service only from the front panel. Wiring can purchase the Galaxy 300 UPS at the same supplier at whom other electric equipment is usually purchased. Thanks to all these opportunities and also additional services for commissioning and warranty service on site the Galaxy 300 UPS provides the maximum convenience of installation, support and service in the class.

The standard guarantee on uninterruptible power supply unit of MGE Galaxy 300 makes one year, but can be prolonged. A system is available to the order at distributors of Schneider Electric since 3rd quarter 2011. About the range of the UPS offered APC by Schneider Electric address for the additional information on the website www.apc.com or by phone number 8 800 200-27-22 (calls by Russia free).