PowerChute has been flagged as vulnerable to CVE-2026-34477, CVE-2026-34478, CVE-2026-34479, CVE-2026-34480
Issue:
PowerChute has been flagged as vulnerable to CVE-2026-34477, CVE-2026-34478, CVE-2026-34479, CVE-2026-34480
Product Lines:
PowerChute Network Shutdown 5.2
PowerChute Serial Shutdown 1.5
Environment:
All supported Operating Systems
Cause:
PowerChute ships with a version of log4j that is less than log4j 2.25.4
Solution:
For PowerChute Network Shutdown version 5.2 on Windows
- Download the attached zip file "PCNS52_Log4j_update.zip", uncompress the zip file.
- Open a command prompt as an administrator.
- Change directory to the PCNS52_Log4j_Update folder that was created when uncompressing PCNS52_Log4j_update.zip.
- Enter the command .\run_update.cmd.
For PowerChute Network Shutdown version 5.2 on Linux
- Download the attached log4j-2.26.0.tar file, and if needed, copy the file to the Linux system.
- Uncompress the log4j-2.26.0.tar file. The command is tar -xvf log4j-2.26.0.tar.
- Stop the PowerChute service. The command is systemctl stop PowerChute
- Change directory to the PowerChute lib directory. The default path is /opt/APC/PowerChute/group1/lib
- Move the log4j2 files to the APC directory. If PowerChute resides in the default path, the command is mv /opt/APC/PowerChute/group1/lib/log4j2* /opt/APC
- Change directory to the log4j-2.26.0 directory that was created when you uncompressed the tar file.
- Copy the log4j-api-2.26.0.jar, log4j-core-2.26.0.jar, log4j-slf4j-impl-2.26.0.jar to the PowerChute lib directory that resides where PowerChute resides. If PowerChute resides in the default path, the command is cp log4j2* /opt/APC/PowerChute/group1/lib
- Start the PowerChute service. The command is systemctl start PowerChute
For PowerChute Serial Shutdown version 1.5 on Windows
- Download the attached zip file "PCSS15_Log4j_Update", uncompress the zip file.
- Open a command prompt as an administrator.
- Change directory to the PCSS15_Log4j_Update folder that was created when uncompressing PCSS15_Log4j_update.zip.
- Enter the command .\run_update.cmd.
For PowerChute Serial Shutdown version 1.5 on Linux
- Download the attached log4j.2.26.0.tar file, and if needed, copy the file to the Linux system.
- Uncompress the file. The command is tar -xvf log4j-2.26.0.tar.
- Stop the PowerChute service. The command is systemctl stop PBEAgent
- Change directory to where PowerChute has been installed. The default path is /opt/APC/PowerChuteSerialShutdown/Agent/
- Move the current log4j files. If PowerChute was installed to the default path, the command is mv /opt/APC/PowerChuteSerialShutdown/Agent/lib/log4j* /opt/APC
- Change directory to the log4j-2.2.6.0 directory that was created when log4.2.26.0.tar was uncompressed.
- Copy the new logj4 files to the PowerChute lib directory. If PowerChute was installed to the default path, the command is cp log4j.* /opt/APC/PowerChuteSerialShutdown/Agent/lib
- Restart the PowerChute service. The command is systemctl start PBEAgent
Опубліковано для: Schneider Electric Україна
Потрібна допомога?
Почніть тут!
Знайдіть відповіді зараз. Шукайте рішення самостійно або зверніться до нашого експерта.
Звернутися до служби підтримки
Якщо вам потрібна допомога, додаткова інформація чи технічна підтримка або ви хочете подати скаргу, зв’яжіться з нашою командою з обслуговування клієнтів.
Де придбати?
Зручний пошук найближчого дистриб’ютора, магазина або спеціалізованого партнера Schneider Electric у вашому регіоні.
Переглянути відповіді на поширені запитання
Отримайте необхідну інформацію, переглянувши відповіді на поширені запитання за відповідними темами.