As nossas marcas

Impact-Company-Logo-English Black-01-177x54

Bem-vindo ao website da Schneider Electric

Bem-vindo ao nosso site.
		
Como o podemos ajudar hoje?
PowerChute Network Shutdown 4.4.1, 4.4.2 & 4.4.3 vulnerable to CVE-2022-33980 & CVE-2022-42889

Issue:
PowerChute Network Shutdown 4.4.1, 4.4.2 & 4.4.3 vulnerable to CVE-2022-33980 & CVE-2022-42889

NOTE: PCNS only uses StringEscapeUtils.escapeHtml4(String) from the commons-text library. PCNS use this to make some user-provided input (outlet group names, ssh action titles, etc.) safe for display in HTML.

Our testing shows this not vulnerable to the string interpolation issue highlighted by CVE-2022-42889.

If a customer fells they must upgrade because of CVE-2022-42889 have the customer follow the instruction below.

****This FAQ is internal because the CVEs have not been posted to the Cyber Security Portal.
https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp

Product:
PowerChute Network Shutdown 4.4.1, 4.4.2 & 4.4.3

Environment:
All supported Windows OS
All supported Linux OS

Cause:
Vulnerability in Apache

Solution:

We recommend uninstalling PowerChute Network Shutdown version 4.x and installing version 5.x, which is available at this link.

NOTE: to correct PowerChute version 4.x


1. Download the folder Win-Replacement-files.zip or Linux-Replacement-files.zip that are attached and send the zip and instructions below to the customer.

On Windows
2. Uncompress the folder

3. Open a command prompt as an administrator and stop the PowerChute service. the command is net stop pcns1

4. Go to C:\Program Files\APC\PowerChute\group1\lib and delete:
commons-codec-1.12.jar
commons-configuration2-2.4.jar
commons-io-2.7.jar
commons-lang3-3.8.1.jar
commons-text-1.6.jar

5 Copy the contents of the Win-Replacement-files folder to C:\Program Files\APC\PowerChute\group1\lib. This step replaces the removed files and correct the vulnerability:
commons-codec-1.15.jar
commons-configuration2-2.8.0.jar
commons-io-2.11.0.jar
commons-lang3-3.13.0.jar
commons-text-1.10.0.jar


6 Restart the PowerChute service. The command is net start pcns1

On Linux

1. Log in as a root user

2. Uncompress the folder Linux-Replacement-files.zip

3. Stop the PowerChute service. the command is systemctl stop PowerChute

4. Go to /opt/APC/PowerChute/group1/lib and delete:
commons-codec-1.12.jar
commons-configuration2-2.4.jar
commons-io-2.7.jar
commons-lang3-3.8.1.jar
commons-text-1.6.jar

5 Copy the contents of the Linux-Replacement-files folder to /opt/APC/PowerChute/group1/lib. This step replaces the removed files and correct the vulnerability:
commons-codec-1.15.jar
commons-configuration2-2.8.0.jar
commons-io-2.11.0.jar
commons-lang3-3.13.0.jar
commons-text-1.10.0.jar


6 Restart the PowerChute service. The command is systemctl start PowerChute

Schneider Electric Portugal

Anexo(s)
Linux-Replacement-files.zip [2.02 MB]
Linux-Replacement-files.zip [1.83 MB]
Win-Replacement-files.zip [2.02 MB]
Win-Replacement-files.zip [1.83 MB]
Explorar mais
Gama:
Explorar mais
Gama:

Precisa de ajuda?

  • Ferramenta de seleção de produtos

    Encontre rápida e facilmente os produtos e acessórios certos para as suas aplicações.

  • Obter um Orçamento

    Inicie o seu pedido de contacto online e um especialista irá contactá-lo.

  • Onde adquirir?

    Encontre facilmente o distribuidor mais próximo da Schneider Electric perto de si.

  • Centro de ajuda

    Encontre recursos de apoio para todas as suas necessidades, num único local.

  • Documentação dos Produtos
  • Transferências de Software
  • Ferramenta de Seleção de Produtos
  • Substituição e Troca do Produto
  • Centro de Ajuda e de Contacto
  • Encontre os nossos escritórios
  • Obter um orçamento
  • Onde adquirir
  • Carreiras
  • Perfil da empresa
  • Comunicar uma má conduta
  • Acessibilidade
  • Newsroom
  • Investidores
  • EcoStruxure
  • Pesquisa de emprego
  • Blogue
  • Política de privacidade
  • Aviso sobre Cookies
  • Termos de utilização
  • Alterar suas configurações de cookie