PowerChute Network Shutdown v4.4.1 ships with OpenJDK 15 which includes an EDCSA vulnerability (CVE-2022-21449) as reported here.
Product:
PowerChute Network Shutdown v4.4.1
Environment:
All supported operating systems
Solution:
Upgrade the Java version used by PowerChute to OpenJDK 17.0.3.
Vulnerable cipher suites:
SHA1withECDSA
SHA224withECDSA
SHA256withECDSA
SHA384withECDSA
SHA512withECDSA
SHA3-224withECDSA
SHA3-256withECDSA
SHA3-384withECDSA
SHA3-512withECDSA
NONEwithECDSAinP1363Format
SHA1withECDSAinP1363Format
SHA224withECDSAinP1363Format
SHA256withECDSAinP1363Format
SHA384withECDSAinP1363Format
SHA512withECDSAinP1363Format
SHA3-224withECDSAinP1363Format
SHA3-256withECDSAinP1363Format
SHA3-384withECDSAinP1363Format
SHA3-512withECDSAinP1363Format
NOTE: PowerChute does not use any of the above cipher suites for its web server and is therefore not vulnerable to the issue. For added assurance, you can upgrade to OpenJDK 17.0.3.
Released for: Schneider Electric Hong Kong


Need help?
Start here!
Find answers now. Search for a solution on your own, or connect with one of our experts.
Contact Support
Reach out to our customer care team to receive more information, technical support, assistance with complaints and more.
Where to buy?
Easily find the nearest Schneider Electric distributor in your location.
Search FAQs
Search topic-related frequently asked questions to find answers you need.
Contact Sales
Start your sales enquiry online and an expert will connect with you.