PowerChute Network Shutdown 4.4.1, 4.4.2 & 4.4.3 vulnerable to CVE-2022-42889| Schneider Electric Norway

Support

Søk i ofte stilte spørsmål

FAQ000246647

Hvordan kan vi hjelpe deg i dag?

PowerChute Network Shutdown 4.4.1, 4.4.2 & 4.4.3 vulnerable to CVE-2022-33980 & CVE-2022-42889

Issue:
PowerChute Network Shutdown 4.4.1, 4.4.2 & 4.4.3 vulnerable to CVE-2022-33980 & CVE-2022-42889

NOTE: PCNS only uses StringEscapeUtils.escapeHtml4(String) from the commons-text library. PCNS use this to make some user-provided input (outlet group names, ssh action titles, etc.) safe for display in HTML.

Our testing shows this not vulnerable to the string interpolation issue highlighted by CVE-2022-42889.

If a customer fells they must upgrade because of CVE-2022-42889 have the customer follow the instruction below.

****This FAQ is internal because the CVEs have not been posted to the Cyber Security Portal.
https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp

Product:
PowerChute Network Shutdown 4.4.1, 4.4.2 & 4.4.3

Environment:
All supported Windows OS
All supported Linux OS

Cause:
Vulnerability in Apache

Solution:

We recommend uninstalling PowerChute Network Shutdown version 4.x and installing version 5.x, which is available at this link.

NOTE: to correct PowerChute version 4.x

1. Download the folder Win-Replacement-files.zip or Linux-Replacement-files.zip that are attached and send the zip and instructions below to the customer.

On Windows
2. Uncompress the folder

3. Open a command prompt as an administrator and stop the PowerChute service. the command is net stop pcns1

4. Go to C:\Program Files\APC\PowerChute\group1\lib and delete:
commons-codec-1.12.jar
commons-configuration2-2.4.jar
commons-io-2.7.jar
commons-lang3-3.8.1.jar
commons-text-1.6.jar

5 Copy the contents of the Win-Replacement-files folder to C:\Program Files\APC\PowerChute\group1\lib. This step replaces the removed files and correct the vulnerability:
commons-codec-1.15.jar
commons-configuration2-2.8.0.jar
commons-io-2.11.0.jar
commons-lang3-3.13.0.jar
commons-text-1.10.0.jar

6 Restart the PowerChute service. The command is net start pcns1

On Linux

1. Log in as a root user

2. Uncompress the folder Linux-Replacement-files.zip

3. Stop the PowerChute service. the command is systemctl stop PowerChute

4. Go to /opt/APC/PowerChute/group1/lib and delete:
commons-codec-1.12.jar
commons-configuration2-2.4.jar
commons-io-2.7.jar
commons-lang3-3.8.1.jar
commons-text-1.6.jar

5 Copy the contents of the Linux-Replacement-files folder to /opt/APC/PowerChute/group1/lib. This step replaces the removed files and correct the vulnerability:
commons-codec-1.15.jar
commons-configuration2-2.8.0.jar
commons-io-2.11.0.jar
commons-lang3-3.13.0.jar
commons-text-1.10.0.jar

6 Restart the PowerChute service. The command is systemctl start PowerChute

Publisert for: Schneider Electric Norway

Vedlegg

Linux-Replacement-files.zip

[2.02 MB]

Linux-Replacement-files.zip

[1.83 MB]

Win-Replacement-files.zip

[2.02 MB]

Win-Replacement-files.zip

[1.83 MB]

Publisert:12.12.2022Sist endret:26.2.2025

Produktfamilie:

PowerChute Network Shutdown

Produktfamilie:

PowerChute Network Shutdown

Trenger du hjelp?

Produktvelger

Velg riktige produkt og kompatibelt tilbehør raskt og enkelt.
Be om tilbud

Start din salgsforespørsel online, og vi vil kontakte deg.
Hvor kan du handle?

Finn din nærmeste Schneider Electric-distributør enkelt.
Hjelpesenter

Finn alle nødvendige supportressurser samlet på ett sted.

Publisert for: Schneider Electric Norway

Trenger du hjelp?

Produktvelger

Be om tilbud

Hvor kan du handle?

Hjelpesenter

Produkter

Kundestøtte

Selskap

Hurtigkoblinger

Samarbeidspartnere

Bærekraft

Arrangementer

Innsikt
opens new tab