{}

Our Brands

Impact-Company-Logo-English Black-01-177x54

Welcome to the Schneider Electric Website

Welcome to our website.
Search FAQs
PowerChute Network Shutdown v4.4.1 - OpenJDK 15 EDCSA vulnerability
Issue:
PowerChute Network Shutdown v4.4.1 ships with OpenJDK 15 which includes an EDCSA vulnerability (CVE-2022-21449) as reported here.

Product:
PowerChute Network Shutdown v4.4.1

Environment:
All supported operating systems

Solution:
Upgrade the Java version used by PowerChute to OpenJDK 17.0.3.

Vulnerable cipher suites:
NONEwithECDSA
SHA1withECDSA
SHA224withECDSA
SHA256withECDSA
SHA384withECDSA
SHA512withECDSA
SHA3-224withECDSA
SHA3-256withECDSA
SHA3-384withECDSA
SHA3-512withECDSA
NONEwithECDSAinP1363Format
SHA1withECDSAinP1363Format
SHA224withECDSAinP1363Format
SHA256withECDSAinP1363Format
SHA384withECDSAinP1363Format
SHA512withECDSAinP1363Format
SHA3-224withECDSAinP1363Format
SHA3-256withECDSAinP1363Format
SHA3-384withECDSAinP1363Format
SHA3-512withECDSAinP1363Format

NOTE: PowerChute does not use any of the above cipher suites for its web server and is therefore not vulnerable to the issue. For added assurance, you can upgrade to OpenJDK 17.0.3.


Schneider Electric Nigeria

Explore more
Range:
Articles that might be helpful Users group

Discuss this topic with experts

Visit our Community for first-hand insights from experts and peers on this topic and more.
Explore more
Range: