PowerChute has been flagged as vulnerable to CVE-2026-34477, CVE-2026-34478, CVE-2026-34479, CVE-2026-34480

Issue:

PowerChute has been flagged as vulnerable to CVE-2026-34477, CVE-2026-34478, CVE-2026-34479, CVE-2026-34480

Product Lines:

PowerChute Network Shutdown 5.2

PowerChute Serial Shutdown 1.5

Environment:

All supported Operating Systems

Cause:

PowerChute ships with a version of log4j that is less than log4j 2.25.4

Solution:

For PowerChute Network Shutdown version 5.2 on Windows

1. Download the attached zip file "PCNS52_Log4j_update.zip", uncompress the zip file.
2. Open a command prompt as an administrator.
3. Change directory to the PCNS52_Log4j_Update folder that was created when uncompressing PCNS52_Log4j_update.zip.
4. Enter the command .\run_update.cmd.

For PowerChute Network Shutdown version 5.2 on Linux

1. Download the attached log4j-2.26.0.tar file, and if needed, copy the file to the Linux system.
2. Uncompress the log4j-2.26.0.tar file. The command is tar -xvf log4j-2.26.0.tar.
3. Stop the PowerChute service. The command is systemctl stop PowerChute
4. Change directory to the PowerChute lib directory. The default path is /opt/APC/PowerChute/group1/lib
5. Move the log4j2 files to the APC directory. If PowerChute resides in the default path, the command is mv /opt/APC/PowerChute/group1/lib/log4j2* /opt/APC
6. Change directory to the log4j-2.26.0 directory that was created when you uncompressed the tar file.
7. Copy the log4j-api-2.26.0.jar, log4j-core-2.26.0.jar, log4j-slf4j-impl-2.26.0.jar to the PowerChute lib directory that resides where PowerChute resides. If PowerChute resides in the default path, the command is cp log4j2* /opt/APC/PowerChute/group1/lib
8. Start the PowerChute service. The command is systemctl start PowerChute

For PowerChute Serial Shutdown version 1.5 on Windows

1. Download the attached zip file "PCSS15_Log4j_Update", uncompress the zip file.
2. Open a command prompt as an administrator.
3. Change directory to the PCSS15_Log4j_Update folder that was created when uncompressing PCSS15_Log4j_update.zip.
4. Enter the command .\run_update.cmd.

For PowerChute Serial Shutdown version 1.5 on Linux

1. Download the attached log4j.2.26.0.tar file, and if needed, copy the file to the Linux system.
2. Uncompress the file. The command is tar -xvf log4j-2.26.0.tar.
3. Stop the PowerChute service. The command is systemctl stop PBEAgent
4. Change directory to where PowerChute has been installed. The default path is /opt/APC/PowerChuteSerialShutdown/Agent/
5. Move the current log4j files. If PowerChute was installed to the default path, the command is mv /opt/APC/PowerChuteSerialShutdown/Agent/lib/log4j* /opt/APC
6. Change directory to the log4j-2.2.6.0 directory that was created when log4.2.26.0.tar was uncompressed.
7. Copy the new logj4 files to the PowerChute lib directory. If PowerChute was installed to the default path, the command is cp log4j.* /opt/APC/PowerChuteSerialShutdown/Agent/lib
8. Restart the PowerChute service. The command is systemctl start PBEAgent

Đã phát hành cho: Schneider Electric Việt Nam