Hôm nay chúng tôi có thể giúp gì cho bạn?

PowerChute Network Shutdown 4.4.1, 4.4.2 & 4.4.3 vulnerable to CVE-2022-33980 & CVE-2022-42889

Issue:
PowerChute Network Shutdown 4.4.1, 4.4.2 & 4.4.3 vulnerable to CVE-2022-33980 & CVE-2022-42889

NOTE: PCNS only uses StringEscapeUtils.escapeHtml4(String) from the commons-text library. PCNS use this to make some user-provided input (outlet group names, ssh action titles, etc.) safe for display in HTML.

Our testing shows this not vulnerable to the string interpolation issue highlighted by CVE-2022-42889.

If a customer fells they must upgrade because of CVE-2022-42889 have the customer follow the instruction below.

****This FAQ is internal because the CVEs have not been posted to the Cyber Security Portal.
https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp

Product:
PowerChute Network Shutdown 4.4.1, 4.4.2 & 4.4.3

Environment:
All supported Windows OS
All supported Linux OS

Cause:
Vulnerability in Apache

Solution:

We recommend uninstalling PowerChute Network Shutdown version 4.x and installing version 5.x, which is available at this link. https://www.se.com/us/en/product-range/61933-powerchute-network-shutdown/104358239448-powerchute-subscriptions/#overview

NOTE: to correct PowerChute version 4.x


1. Download the folder Win-Replacement-files.zip or Linux-Replacement-files.zip that are attached and send the zip and instructions below to the customer.

On Windows
2. Uncompress the folder

3. Open a command prompt as an administrator and stop the PowerChute service. the command is net stop pcns1

4. Go to C:\Program Files\APC\PowerChute\group1\lib and delete:
commons-codec-1.12.jar
commons-configuration2-2.4.jar
commons-io-2.7.jar
commons-lang3-3.8.1.jar
commons-text-1.6.jar

5 Copy the contents of the Win-Replacement-files folder to C:\Program Files\APC\PowerChute\group1\lib. This step replaces the removed files and correct the vulnerability:
commons-codec-1.15.jar
commons-configuration2-2.8.0.jar
commons-io-2.11.0.jar
commons-lang3-3.13.0.jar
commons-text-1.10.0.jar


6 Restart the PowerChute service. The command is net start pcns1

On Linux

1. Log in as a root user

2. Uncompress the folder Linux-Replacement-files.zip

3. Stop the PowerChute service. the command is systemctl stop PowerChute

4. Go to /opt/APC/PowerChute/group1/lib and delete:
commons-codec-1.12.jar
commons-configuration2-2.4.jar
commons-io-2.7.jar
commons-lang3-3.8.1.jar
commons-text-1.6.jar

5 Copy the contents of the Linux-Replacement-files folder to /opt/APC/PowerChute/group1/lib. This step replaces the removed files and correct the vulnerability:
commons-codec-1.15.jar
commons-configuration2-2.8.0.jar
commons-io-2.11.0.jar
commons-lang3-3.13.0.jar
commons-text-1.10.0.jar


6 Restart the PowerChute service. The command is systemctl start PowerChute

Schneider Electric Việt Nam

Phần đính kèm
Linux-Replacement-files.zip [1.83 MB]
Linux-Replacement-files.zip [2.02 MB]
Win-Replacement-files.zip [1.83 MB]
Win-Replacement-files.zip [2.02 MB]
Tìm hiểu thêm
Phạm vi:
Tìm hiểu thêm
Phạm vi:
  • Tài liệu về Sản phẩm
  • Tải xuống phần mềm
  • Công cụ chọn Sản phẩm
  • Thay thế và thay đổi sản phẩm
  • Trung tâm Hỗ trợ
  • Tìm Văn phòng của chúng tôi
  • Nhận báo giá
  • Tìm Nhà Phân phối
  • Cộng đồng Schneider Electric
  • Cơ hội nghề nghiệp
  • Hồ sơ doanh nghiệp
  • Báo cáo hành vi sai trái
  • Khả năng truy cập
  • Phòng tin tức
  • Nhà đầu tư
  • EcoStruxure
  • Tìm việc
  • Blog
  • Chính sách bảo mật
  • Thông báo về Cookie
  • Điều khoản sử dụng
  • Change your cookie settings