PowerChute has been flagged as vulnerable to CVE-2026-34477, CVE-2026-34478, CVE-2026-34479, CVE-2026-34480
Issue:
PowerChute has been flagged as vulnerable to CVE-2026-34477, CVE-2026-34478, CVE-2026-34479, CVE-2026-34480
Product Lines:
PowerChute Network Shutdown 5.2
PowerChute Serial Shutdown 1.5
Environment:
All supported Operating Systems
Cause:
PowerChute ships with a version of log4j that is less than log4j 2.25.4
Solution:
For PowerChute Network Shutdown version 5.2 on Windows
- Download the attached zip file "PCNS52_Log4j_update.zip", uncompress the zip file.
- Open a command prompt as an administrator.
- Change directory to the PCNS52_Log4j_Update folder that was created when uncompressing PCNS52_Log4j_update.zip.
- Enter the command .\run_update.cmd.
For PowerChute Network Shutdown version 5.2 on Linux
- Download the attached log4j-2.26.0.tar file, and if needed, copy the file to the Linux system.
- Uncompress the log4j-2.26.0.tar file. The command is tar -xvf log4j-2.26.0.tar.
- Stop the PowerChute service. The command is systemctl stop PowerChute
- Change directory to the PowerChute lib directory. The default path is /opt/APC/PowerChute/group1/lib
- Move the log4j2 files to the APC directory. If PowerChute resides in the default path, the command is mv /opt/APC/PowerChute/group1/lib/log4j2* /opt/APC
- Change directory to the log4j-2.26.0 directory that was created when you uncompressed the tar file.
- Copy the log4j-api-2.26.0.jar, log4j-core-2.26.0.jar, log4j-slf4j-impl-2.26.0.jar to the PowerChute lib directory that resides where PowerChute resides. If PowerChute resides in the default path, the command is cp log4j2* /opt/APC/PowerChute/group1/lib
- Start the PowerChute service. The command is systemctl start PowerChute
For PowerChute Serial Shutdown version 1.5 on Windows
- Download the attached zip file "PCSS15_Log4j_Update", uncompress the zip file.
- Open a command prompt as an administrator.
- Change directory to the PCSS15_Log4j_Update folder that was created when uncompressing PCSS15_Log4j_update.zip.
- Enter the command .\run_update.cmd.
For PowerChute Serial Shutdown version 1.5 on Linux
- Download the attached log4j.2.26.0.tar file, and if needed, copy the file to the Linux system.
- Uncompress the file. The command is tar -xvf log4j-2.26.0.tar.
- Stop the PowerChute service. The command is systemctl stop PBEAgent
- Change directory to where PowerChute has been installed. The default path is /opt/APC/PowerChuteSerialShutdown/Agent/
- Move the current log4j files. If PowerChute was installed to the default path, the command is mv /opt/APC/PowerChuteSerialShutdown/Agent/lib/log4j* /opt/APC
- Change directory to the log4j-2.2.6.0 directory that was created when log4.2.26.0.tar was uncompressed.
- Copy the new logj4 files to the PowerChute lib directory. If PowerChute was installed to the default path, the command is cp log4j.* /opt/APC/PowerChuteSerialShutdown/Agent/lib
- Restart the PowerChute service. The command is systemctl start PBEAgent
Released for: Schneider Electric South Africa
Need help?
Product Selector
Quickly and easily find the right products and accessories for your applications.
Get a Quote
Start your sales enquiry online and an expert will connect with you.
Where to buy?
Easily find the nearest Schneider Electric distributor in your location.
Help Centre
Find support resources for all your needs, in one place.