Issue:
PowerChute Network Shutdown is affected by the recent Log4Shell vulnerabilities and vulnerabilities in other 3rd party libraries as listed below:
Log4J:
[CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)
Jetty:
[CVE-2021-34428](https://nvd.nist.gov/vuln/detail/CVE-2021-34428)
[CVE-2021-28169](https://nvd.nist.gov/vuln/detail/CVE-2021-28169)
[CVE-2021-28165](https://nvd.nist.gov/vuln/detail/CVE-2021-28165)
[CVE-2020-27223](https://nvd.nist.gov/vuln/detail/CVE-2020-27223)
[CVE-2020-27218](https://nvd.nist.gov/vuln/detail/CVE-2020-27218)
[CVE-2020-27216](https://nvd.nist.gov/vuln/detail/CVE-2020-27216)
Spring Framework
[CVE-2020-5398](https://nvd.nist.gov/vuln/detail/CVE-2020-5398)
[CVE-2020-5421](https://nvd.nist.gov/vuln/detail/CVE-2020-5421)
Commons Compress:
[CVE-2021-36090](https://nvd.nist.gov/vuln/detail/CVE-2021-36090)
[CVE-2021-35517](https://nvd.nist.gov/vuln/detail/CVE-2021-35517)
[CVE-2021-35516](https://nvd.nist.gov/vuln/detail/CVE-2021-35516)
[CVE-2021-35515](https://nvd.nist.gov/vuln/detail/CVE-2021-35515)
[CVE-2019-12402](https://nvd.nist.gov/vuln/detail/CVE-2019-12402)
[CVE-2018-11771](https://nvd.nist.gov/vuln/detail/CVE-2018-11771)
For assistance with CVE-2022-33980 & CVE-2022-42889 see PowerChute Network Shutdown 4.4.1, 4.4.2 & 4.4.3 vulnerable to CVE-2022-33980 & CVE-2022-42889
Products:
PowerChute Network Shutdown v4.3, v4.4, v4.4.1
For PowerChute Network Shutdown version 4.2, see Schneider Electric FAQ PowerChute Network Shutdown version 4.2 Scripts to Mitigate Log4Shell Vulnerabilities – CVE-2021-44228, CVE-2021-45046.
Environment:
All supported OS for the versions of PowerChute Network Shutdown are listed above.
Cause:
PowerChute Network Shutdown contains some vulnerable 3rd party libraries that are outdated. For more information, please refer to the NVD URLs of the respective CVEs.
Solution:
Uninstall PowerChute Network Shutdown version 4.x and install PowerChute Network Shutdown version 5.x.
Or download the relevant files for your product and follow the readme file instructions.
For PowerChute Network Shutdown version 4.3, download patch_4.3.1_en.zip
For PowerChute Network Shutdown version 4.4, download patch_4.4.0.3_en.zip
For PowerChute Network Shutdown version 4.4.1, download patch_4.4.2_en.zip
The files contain scripts that will remove the vulnerable 3rd party libraries and replace them with updated versions that address the CVEs listed above.
The zip files contain updated pcns.jar, jetty 9.4.43, commons-compress 1.21, and log4j 2.17.1 jar files.
On Windows OS:
On Linux systems:
PowerChute virtual appliance is AlmaLinux based replacing CentOS 8.
NOTE: The PowerChute Network Shutdown Linux scripts are designed for all supported versions of Linux, Solaris, AIX, HP-UX, and Mac OS.
PowerChute Network Shutdown is affected by the recent Log4Shell vulnerabilities and vulnerabilities in other 3rd party libraries as listed below:
Log4J:
[CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)
Jetty:
[CVE-2021-34428](https://nvd.nist.gov/vuln/detail/CVE-2021-34428)
[CVE-2021-28169](https://nvd.nist.gov/vuln/detail/CVE-2021-28169)
[CVE-2021-28165](https://nvd.nist.gov/vuln/detail/CVE-2021-28165)
[CVE-2020-27223](https://nvd.nist.gov/vuln/detail/CVE-2020-27223)
[CVE-2020-27218](https://nvd.nist.gov/vuln/detail/CVE-2020-27218)
[CVE-2020-27216](https://nvd.nist.gov/vuln/detail/CVE-2020-27216)
Spring Framework
[CVE-2020-5398](https://nvd.nist.gov/vuln/detail/CVE-2020-5398)
[CVE-2020-5421](https://nvd.nist.gov/vuln/detail/CVE-2020-5421)
Commons Compress:
[CVE-2021-36090](https://nvd.nist.gov/vuln/detail/CVE-2021-36090)
[CVE-2021-35517](https://nvd.nist.gov/vuln/detail/CVE-2021-35517)
[CVE-2021-35516](https://nvd.nist.gov/vuln/detail/CVE-2021-35516)
[CVE-2021-35515](https://nvd.nist.gov/vuln/detail/CVE-2021-35515)
[CVE-2019-12402](https://nvd.nist.gov/vuln/detail/CVE-2019-12402)
[CVE-2018-11771](https://nvd.nist.gov/vuln/detail/CVE-2018-11771)
For assistance with CVE-2022-33980 & CVE-2022-42889 see PowerChute Network Shutdown 4.4.1, 4.4.2 & 4.4.3 vulnerable to CVE-2022-33980 & CVE-2022-42889
Products:
PowerChute Network Shutdown v4.3, v4.4, v4.4.1
For PowerChute Network Shutdown version 4.2, see Schneider Electric FAQ PowerChute Network Shutdown version 4.2 Scripts to Mitigate Log4Shell Vulnerabilities – CVE-2021-44228, CVE-2021-45046.
Environment:
All supported OS for the versions of PowerChute Network Shutdown are listed above.
Cause:
PowerChute Network Shutdown contains some vulnerable 3rd party libraries that are outdated. For more information, please refer to the NVD URLs of the respective CVEs.
Solution:
Uninstall PowerChute Network Shutdown version 4.x and install PowerChute Network Shutdown version 5.x.
Or download the relevant files for your product and follow the readme file instructions.
For PowerChute Network Shutdown version 4.3, download patch_4.3.1_en.zip
For PowerChute Network Shutdown version 4.4, download patch_4.4.0.3_en.zip
For PowerChute Network Shutdown version 4.4.1, download patch_4.4.2_en.zip
The files contain scripts that will remove the vulnerable 3rd party libraries and replace them with updated versions that address the CVEs listed above.
The zip files contain updated pcns.jar, jetty 9.4.43, commons-compress 1.21, and log4j 2.17.1 jar files.
On Windows OS:
- Extract the zip file contents.
- Open a command prompt as an administrator.
- Change directory to the folder where you extracted the files.
- Run the run_patch.cmd file.
- The script will remove the old 3rd party libraries and install newer versions that address the CVEs. The script will also update the pcns.jar file.
On Linux systems:
- Extract the zip file contents. If you extracted the zip file on a Windows system, copy the pcns_patch.sh and the files folder to the Linux system.
- Open a terminal prompt or connect to the Linux system via SSH and change the directory to the location of the extracted files.
- Run the command “sudo chmod +x pcns_patch.sh” to make the file executable.
- Run the command “sudo ./pcns_patch.sh” to apply the updates. The script will stop the PowerChute service, remove the old libraries, install the new library files to the appropriate directories, and restart the PowerChute service.
PowerChute virtual appliance is AlmaLinux based replacing CentOS 8.
NOTE: The PowerChute Network Shutdown Linux scripts are designed for all supported versions of Linux, Solaris, AIX, HP-UX, and Mac OS.
Released for: Schneider Electric Philippines
Issue:
PowerChute Network Shutdown is affected by the recent Log4Shell vulnerabilities and vulnerabilities in other 3rd party libraries as listed below:
Log4J:
[CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)
Jetty:
[CVE-2021-34428](https://nvd.nist.gov/vuln/detail/CVE-2021-34428)
[CVE-2021-28169](https://nvd.nist.gov/vuln/detail/CVE-2021-28169)
[CVE-2021-28165](https://nvd.nist.gov/vuln/detail/CVE-2021-28165)
[CVE-2020-27223](https://nvd.nist.gov/vuln/detail/CVE-2020-27223)
[CVE-2020-27218](https://nvd.nist.gov/vuln/detail/CVE-2020-27218)
[CVE-2020-27216](https://nvd.nist.gov/vuln/detail/CVE-2020-27216)
Spring Framework
[CVE-2020-5398](https://nvd.nist.gov/vuln/detail/CVE-2020-5398)
[CVE-2020-5421](https://nvd.nist.gov/vuln/detail/CVE-2020-5421)
Commons Compress:
[CVE-2021-36090](https://nvd.nist.gov/vuln/detail/CVE-2021-36090)
[CVE-2021-35517](https://nvd.nist.gov/vuln/detail/CVE-2021-35517)
[CVE-2021-35516](https://nvd.nist.gov/vuln/detail/CVE-2021-35516)
[CVE-2021-35515](https://nvd.nist.gov/vuln/detail/CVE-2021-35515)
[CVE-2019-12402](https://nvd.nist.gov/vuln/detail/CVE-2019-12402)
[CVE-2018-11771](https://nvd.nist.gov/vuln/detail/CVE-2018-11771)
For assistance with CVE-2022-33980 & CVE-2022-42889 see PowerChute Network Shutdown 4.4.1, 4.4.2 & 4.4.3 vulnerable to CVE-2022-33980 & CVE-2022-42889
Products:
PowerChute Network Shutdown v4.3, v4.4, v4.4.1
For PowerChute Network Shutdown version 4.2, see Schneider Electric FAQ PowerChute Network Shutdown version 4.2 Scripts to Mitigate Log4Shell Vulnerabilities – CVE-2021-44228, CVE-2021-45046.
Environment:
All supported OS for the versions of PowerChute Network Shutdown are listed above.
Cause:
PowerChute Network Shutdown contains some vulnerable 3rd party libraries that are outdated. For more information, please refer to the NVD URLs of the respective CVEs.
Solution:
Uninstall PowerChute Network Shutdown version 4.x and install PowerChute Network Shutdown version 5.x.
Or download the relevant files for your product and follow the readme file instructions.
For PowerChute Network Shutdown version 4.3, download patch_4.3.1_en.zip
For PowerChute Network Shutdown version 4.4, download patch_4.4.0.3_en.zip
For PowerChute Network Shutdown version 4.4.1, download patch_4.4.2_en.zip
The files contain scripts that will remove the vulnerable 3rd party libraries and replace them with updated versions that address the CVEs listed above.
The zip files contain updated pcns.jar, jetty 9.4.43, commons-compress 1.21, and log4j 2.17.1 jar files.
On Windows OS:
On Linux systems:
PowerChute virtual appliance is AlmaLinux based replacing CentOS 8.
NOTE: The PowerChute Network Shutdown Linux scripts are designed for all supported versions of Linux, Solaris, AIX, HP-UX, and Mac OS.
PowerChute Network Shutdown is affected by the recent Log4Shell vulnerabilities and vulnerabilities in other 3rd party libraries as listed below:
Log4J:
[CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)
Jetty:
[CVE-2021-34428](https://nvd.nist.gov/vuln/detail/CVE-2021-34428)
[CVE-2021-28169](https://nvd.nist.gov/vuln/detail/CVE-2021-28169)
[CVE-2021-28165](https://nvd.nist.gov/vuln/detail/CVE-2021-28165)
[CVE-2020-27223](https://nvd.nist.gov/vuln/detail/CVE-2020-27223)
[CVE-2020-27218](https://nvd.nist.gov/vuln/detail/CVE-2020-27218)
[CVE-2020-27216](https://nvd.nist.gov/vuln/detail/CVE-2020-27216)
Spring Framework
[CVE-2020-5398](https://nvd.nist.gov/vuln/detail/CVE-2020-5398)
[CVE-2020-5421](https://nvd.nist.gov/vuln/detail/CVE-2020-5421)
Commons Compress:
[CVE-2021-36090](https://nvd.nist.gov/vuln/detail/CVE-2021-36090)
[CVE-2021-35517](https://nvd.nist.gov/vuln/detail/CVE-2021-35517)
[CVE-2021-35516](https://nvd.nist.gov/vuln/detail/CVE-2021-35516)
[CVE-2021-35515](https://nvd.nist.gov/vuln/detail/CVE-2021-35515)
[CVE-2019-12402](https://nvd.nist.gov/vuln/detail/CVE-2019-12402)
[CVE-2018-11771](https://nvd.nist.gov/vuln/detail/CVE-2018-11771)
For assistance with CVE-2022-33980 & CVE-2022-42889 see PowerChute Network Shutdown 4.4.1, 4.4.2 & 4.4.3 vulnerable to CVE-2022-33980 & CVE-2022-42889
Products:
PowerChute Network Shutdown v4.3, v4.4, v4.4.1
For PowerChute Network Shutdown version 4.2, see Schneider Electric FAQ PowerChute Network Shutdown version 4.2 Scripts to Mitigate Log4Shell Vulnerabilities – CVE-2021-44228, CVE-2021-45046.
Environment:
All supported OS for the versions of PowerChute Network Shutdown are listed above.
Cause:
PowerChute Network Shutdown contains some vulnerable 3rd party libraries that are outdated. For more information, please refer to the NVD URLs of the respective CVEs.
Solution:
Uninstall PowerChute Network Shutdown version 4.x and install PowerChute Network Shutdown version 5.x.
Or download the relevant files for your product and follow the readme file instructions.
For PowerChute Network Shutdown version 4.3, download patch_4.3.1_en.zip
For PowerChute Network Shutdown version 4.4, download patch_4.4.0.3_en.zip
For PowerChute Network Shutdown version 4.4.1, download patch_4.4.2_en.zip
The files contain scripts that will remove the vulnerable 3rd party libraries and replace them with updated versions that address the CVEs listed above.
The zip files contain updated pcns.jar, jetty 9.4.43, commons-compress 1.21, and log4j 2.17.1 jar files.
On Windows OS:
- Extract the zip file contents.
- Open a command prompt as an administrator.
- Change directory to the folder where you extracted the files.
- Run the run_patch.cmd file.
- The script will remove the old 3rd party libraries and install newer versions that address the CVEs. The script will also update the pcns.jar file.
On Linux systems:
- Extract the zip file contents. If you extracted the zip file on a Windows system, copy the pcns_patch.sh and the files folder to the Linux system.
- Open a terminal prompt or connect to the Linux system via SSH and change the directory to the location of the extracted files.
- Run the command “sudo chmod +x pcns_patch.sh” to make the file executable.
- Run the command “sudo ./pcns_patch.sh” to apply the updates. The script will stop the PowerChute service, remove the old libraries, install the new library files to the appropriate directories, and restart the PowerChute service.
PowerChute virtual appliance is AlmaLinux based replacing CentOS 8.
NOTE: The PowerChute Network Shutdown Linux scripts are designed for all supported versions of Linux, Solaris, AIX, HP-UX, and Mac OS.
Released for: Schneider Electric Philippines
Need help?
Product Selector
Quickly and easily find the right products and accessories for your applications.
Get a Quote
Start your sales inquiry online and an expert will connect with you.
Where to buy?
Easily find the nearest Schneider Electric distributor in your location.
Help Center
Find support resources for all your needs, in one place.
责任和创新如何推动世世代代的可持续发展?
施耐德电气致力于在气候积极的世界中,利用每一代人的经验和力量,以责任感和创新推动可持续发展。作为全球最多元化、最包容、最公平的公司之一,施耐德电气深知,应对气候问题是一项多代人的追求,需要坚定的能源管理承诺来推动。优秀的人才成就卓越的施耐德电气,在这里,机会无处不在且员工的价值主张也会被认可。我们的EcoStruxure软件和解决方案通过持续的投资和开发帮助我们实现绿色增长,我们助力每一代人学习、数字升级和职业发展,将他们带入可持续的未来。我们的人才群体打算通过转向更可持续的生活方式并实施严格的政策来保护我们的地球,成为气候变化解决方案的一部分。探索我们的代际承诺,为环境、可持续性和治理制定雄心勃勃的转型计划,以实现绿色影响和包容性目标。我们的使命是赋能当代人最大化利用能源和资源,通过我们的个人生活和经验,为其他物种及后代创造或将大胆构想变为现实。施耐德电气旨在通过负责任地促进和培育全球乃至整个社会的数字化发展,培训员工,让员工能够自由创新,从而加速代际的可持续发展。