Our Brands

Welcome to the Schneider Electric Website

Welcome to our website.
Support
Search FAQs
FAQ000261240
Support
Search FAQs
FAQ000261240
How can we help you today?
PowerChute Network shutdown is affected by CVE-2023-20860 and CVE-2023-20861

Issue: PowerChute Network Shutdown is affected by CVE-2023-20860 and CVE-2023-20861

Products: PowerChute Network Shutdown v5.0

Environment: All support OS

Cause: spring 5.3.22 vulnerability

Solution: Update the spring library to mitigate CVE-2023-20860 and CVE-2023-20861

Steps: On a Windows system

  1. Stop PowerChute Service.
    1. Open a command prompt as an administrator and enter net stop PCNS1
  2. Remove old JAR files from the group1\lib folder.
    1. The default path for PowerChute is C:\Program Files\APC\PowerChute\group1
    2. Remove spring-aop-5.3.22.jar spring-beans-5.3.22.jar spring-context-5.3.22.jar spring-core-5.3.22.jar spring-expression-5.3.22.jar spring-web-5.3.22.jar
C:\Program Files\APC\PowerChute\group1\lib
  1. Copy in new 5.3.29 Spring JAR files. The files are attached as a zip to this FAQ.
    1. Uncompress the zip and copy the contents of the Spring5.3.29 folder to group1\lib
  2. Start PowerChute service.
    1. From the command prompt as an administrator enter net start PCNS1

Steps: on Linux system

NOTE: Linux is case sensitive when entering command and file names.

  1. Stop PowerChute Service.
    1. Open a terminal window with root privileges and enter sudo systemctl stop PowerChute
  2. Remove old JAR files from the group1/lib folder.
    1. The default path for PowerChute is /opt/APC/PowerChute/group1
    2. To remove the file cd to /opt/APC/PowerChute/group1/lib
    3. remove spring-aop-5.3.22.jar spring-beans-5.3.22.jar spring-context-5.3.22.jar spring-core-5.3.22.jar spring-expression-5.3.22.jar spring-web-5.3.22.jar
    4. The command is sudo rm -rf spring-*
/opt/APC/PowerChute/group1/lib
  1. Copy in new 5.3.29 Spring JAR files. The files are attached as a zip to this FAQ.
    1. Uncompress the zip and copy the contents of the Spring5.3.29 folder to group1/lib
  2. Start PowerChute service.
    1. From the terminal, as an administrator, enter sudo systemctl start PowerChute
When replacing the spring file on a Linux system that does not have a GUI download the zip to a Windows system and uncompress the folder. Then using a SFTP program (Filezilla, WinSCP) copy the files to the Linux system. The Linux system must have SSH enable to allow a connection. to enable SSH on a Linux run the command systemctl start sshd

Released for: Schneider Electric Hong Kong

Attachment(s)
Spring5.3.29.zip [4.94 MB]
PowerChute Network shutdown is affected by CVE-2023-20860 and CVE-2023-20861

Issue: PowerChute Network Shutdown is affected by CVE-2023-20860 and CVE-2023-20861
 

Products: PowerChute Network Shutdown v5.0

Environment: All support OS

Cause: spring 5.3.22 vulnerability 
 

Solution: Update the spring library to mitigate CVE-2023-20860 and CVE-2023-20861
 

Steps: On a Windows system

  1. Stop PowerChute Service.
    1. Open a command prompt as an administrator and enter net stop PCNS1
  2. Remove old JAR files from the group1\lib folder.
    1. The default path for PowerChute is C:\Program Files\APC\PowerChute\group1
    2. Remove spring-aop-5.3.22.jar spring-beans-5.3.22.jar spring-context-5.3.22.jar spring-core-5.3.22.jar spring-expression-5.3.22.jar spring-web-5.3.22.jar
C:\Program Files\APC\PowerChute\group1\lib
  1. Copy in new 5.3.29 Spring JAR files. The files are attached as a zip to this FAQ.
    1. Uncompress the zip and copy the contents of the Spring5.3.29 folder to group1\lib
  2. Start PowerChute service.
    1. From the command prompt as an administrator enter net start PCNS1

Steps: on Linux system

NOTE: Linux is case sensitive when entering command and file names. 
 

  1. Stop PowerChute Service.
    1. Open a terminal window with root privileges and enter sudo systemctl stop PowerChute
  2. Remove old JAR files from the group1/lib folder.
    1. The default path for PowerChute is /opt/APC/PowerChute/group1
    2. To remove the file cd to /opt/APC/PowerChute/group1/lib
    3. remove spring-aop-5.3.22.jar spring-beans-5.3.22.jar spring-context-5.3.22.jar spring-core-5.3.22.jar spring-expression-5.3.22.jar spring-web-5.3.22.jar
    4. The command is sudo rm -rf spring-*
/opt/APC/PowerChute/group1/lib
  1. Copy in new 5.3.29 Spring JAR files. The files are attached as a zip to this FAQ.
    1. Uncompress the zip and copy the contents of the Spring5.3.29 folder to group1/lib
  2. Start PowerChute service.
    1. From the terminal, as an administrator, enter sudo systemctl start PowerChute
When replacing the spring file on a Linux system that does not have a GUI download the zip to a Windows system and uncompress the folder. Then using a SFTP program (Filezilla, WinSCP) copy the files to the Linux system. The Linux system must have SSH enable to allow a connection. to enable SSH on a Linux run the command systemctl start sshd

Released for: Schneider Electric Hong Kong

Attachment(s)
Spring5.3.29.zip [4.94 MB]
Explore more
Range:
PowerChute Network Shutdown
Explore more
Range:
PowerChute Network Shutdown
Users group

Discuss this topic with experts

Visit our Community for first-hand insights from experts and peers on this topic and more.
Users group

Discuss this topic with experts

Visit our Community for first-hand insights from experts and peers on this topic and more.
Explore more
Range:
PowerChute Network Shutdown
Explore more
Range:
PowerChute Network Shutdown

Need help?

  • Product Selector

    Quickly and easily find the right products and accessories for your applications.

  • Get a Quote

    Start your sales enquiry online and an expert will connect with you.

  • Where to buy?

    Easily find the nearest Schneider Electric distributor in your location.

  • Help Centre

    Find support resources for all your needs, in one place.

  • Products Documentation
  • Software Downloads
  • Product Selector
  • Product Substitution and Replacement
  • Help and Contact centre
  • Find our Offices
  • Get a Quote
  • Where to buy
  • Careers
  • Company Profile
  • Report a misconduct
  • Accessibility
  • Newsroom
  • Investors
  • EcoStruxure
  • Job Search
  • Blog
  • Privacy Policy
  • Cookie Notice
  • Terms of use
  • Change your cookie settings
Your browser is out of date and has known security issues.

It also may not display all features of this website or other websites.

Please upgrade your browser to access all of the features of this website.

Latest version for Google Chrome, Mozilla Firefox or Microsoft Edgeis recommended for optimal functionality.