Nhãn hiệu của chúng tôi

Impact-Company-Logo-English Black-01-177x54

Chào mừng bạn đến với Trang web của Schneider Electric

Chào mừng đến với trang web của chúng tôi.
		
Hôm nay chúng tôi có thể giúp gì cho bạn?
PowerChute Network Shutdown Scripts to Mitigate Multiple CVEs Including Log4Shell Vulnerabilities

Issue:
PowerChute Network Shutdown is affected by the recent Log4Shell vulnerabilities and vulnerabilities in other 3rd party libraries as listed below:

Log4J:
[CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)
Jetty:
[CVE-2021-34428](https://nvd.nist.gov/vuln/detail/CVE-2021-34428)
[CVE-2021-28169](https://nvd.nist.gov/vuln/detail/CVE-2021-28169)
[CVE-2021-28165](https://nvd.nist.gov/vuln/detail/CVE-2021-28165)
[CVE-2020-27223](https://nvd.nist.gov/vuln/detail/CVE-2020-27223)
[CVE-2020-27218](https://nvd.nist.gov/vuln/detail/CVE-2020-27218)
[CVE-2020-27216](https://nvd.nist.gov/vuln/detail/CVE-2020-27216)
Spring Framework
[CVE-2020-5398](https://nvd.nist.gov/vuln/detail/CVE-2020-5398)
[CVE-2020-5421](https://nvd.nist.gov/vuln/detail/CVE-2020-5421)

Commons Compress:
[CVE-2021-36090](https://nvd.nist.gov/vuln/detail/CVE-2021-36090)
[CVE-2021-35517](https://nvd.nist.gov/vuln/detail/CVE-2021-35517)
[CVE-2021-35516](https://nvd.nist.gov/vuln/detail/CVE-2021-35516)
[CVE-2021-35515](https://nvd.nist.gov/vuln/detail/CVE-2021-35515)
[CVE-2019-12402](https://nvd.nist.gov/vuln/detail/CVE-2019-12402)
[CVE-2018-11771](https://nvd.nist.gov/vuln/detail/CVE-2018-11771)

For assistance with CVE-2022-33980 & CVE-2022-42889 see PowerChute Network Shutdown 4.4.1, 4.4.2 & 4.4.3 vulnerable to CVE-2022-33980 & CVE-2022-42889

Products:
PowerChute Network Shutdown v4.3, v4.4, v4.4.1

For PowerChute Network Shutdown version 4.2, see Schneider Electric FAQ PowerChute Network Shutdown version 4.2 Scripts to Mitigate Log4Shell Vulnerabilities – CVE-2021-44228, CVE-2021-45046.

Environment:
All supported OS for the versions of PowerChute Network Shutdown are listed above.

Cause:
PowerChute Network Shutdown contains some vulnerable 3rd party libraries that are outdated. For more information, please refer to the NVD URLs of the respective CVEs.

Solution:
Uninstall PowerChute Network Shutdown version 4.x and install PowerChute Network Shutdown version 5.x.


Or download the relevant files for your product and follow the readme file instructions.

For PowerChute Network Shutdown version 4.3, download patch_4.3.1_en.zip
For PowerChute Network Shutdown version 4.4, download patch_4.4.0.3_en.zip
For PowerChute Network Shutdown version 4.4.1, download patch_4.4.2_en.zip
The files contain scripts that will remove the vulnerable 3rd party libraries and replace them with updated versions that address the CVEs listed above.
The zip files contain updated pcns.jar, jetty 9.4.43, commons-compress 1.21, and log4j 2.17.1 jar files.

On Windows OS:

  1. Extract the zip file contents.
  2. Open a command prompt as an administrator.
  3. Change directory to the folder where you extracted the files.
  4. Run the run_patch.cmd file.
  5. The script will remove the old 3rd party libraries and install newer versions that address the CVEs. The script will also update the pcns.jar file.

The PowerChute Network Shutdown Windows scripts are designed for all supported versions of Windows OS.
On Linux systems:

  1. Extract the zip file contents. If you extracted the zip file on a Windows system, copy the pcns_patch.sh and the files folder to the Linux system.
  2. Open a terminal prompt or connect to the Linux system via SSH and change the directory to the location of the extracted files.
  3. Run the command “sudo chmod +x pcns_patch.sh” to make the file executable.
  4. Run the command “sudo ./pcns_patch.sh” to apply the updates. The script will stop the PowerChute service, remove the old libraries, install the new library files to the appropriate directories, and restart the PowerChute service.

For the PowerChute Network Shutdown 4.4.1 virtual appliance, download the new PowerChute 4.4.2 VM
PowerChute virtual appliance is AlmaLinux based replacing CentOS 8.


NOTE: The PowerChute Network Shutdown Linux scripts are designed for all supported versions of Linux, Solaris, AIX, HP-UX, and Mac OS.

Schneider Electric Việt Nam

Phần đính kèm
patch_4.4.0.3_en.zip [11.14 MB]
patch_4.4.2_en.zip [11.18 MB]
patch_4.4.0.3_en.zip.SHA-512.txt [152 Bytes]
patch_4.4.2_en.zip_SHA-512.txt [150 Bytes]
patch_4.3.1_en.zip [6.83 MB]
patch_4.3.1_en.zip.SHA-512.txt [150 Bytes]
Tìm hiểu thêm
Phạm vi:
Tìm hiểu thêm
Phạm vi:

Bạn cần trợ giúp?

  • Công cụ chọn sản phẩm

    Nhanh chóng và dễ dàng tìm được sản phẩm và phụ kiện phù hợp cho các ứng dụng của bạn.

  • Nhận báo giá

    Bắt đầu gửi yêu cầu bán hàng trực tuyến và chuyên gia sẽ liên hệ với bạn.

  • Nơi mua hàng?

    Dễ dàng tìm nhà phân phối Schneider Electric gần bạn nhất.

  • Trung tâm Hỗ trợ

    Tìm sự hỗ trợ cho mọi nhu cầu của bạn tại một nơi.

  • Tài liệu về Sản phẩm
  • Tải xuống phần mềm
  • Công cụ chọn Sản phẩm
  • Thay thế và thay đổi sản phẩm
  • Trung tâm Hỗ trợ
  • Tìm Văn phòng của chúng tôi
  • Nhận báo giá
  • Tìm Nhà Phân phối
  • Cơ hội nghề nghiệp
  • Hồ sơ doanh nghiệp
  • Báo cáo hành vi sai trái
  • Khả năng truy cập
  • Phòng tin tức
  • Nhà đầu tư
  • EcoStruxure
  • Tìm việc
  • Blog
  • Chính sách bảo mật
  • Thông báo về Cookie
  • Điều khoản sử dụng
  • Change your cookie settings