{}

Our Brands

Impact-Company-Logo-English Black-01-177x54

Welcome to the Schneider Electric Website

Welcome to our website.
Search FAQs
You are currently viewing the content available in Vietnam. If you are looking for information for another region, please select the correct country from the top-left dropdown in the page and 'Navigate to Browse FAQs' in the Support menu.
PCI security compliance reports PowerChute Network Shutdown version 4.2 is vulnerable to Sweet32 (CVE-2016-2183)
Issue:
PCI security compliance reports PowerChute Network Shutdown version 4.2 is vulnerable to Sweet32 (CVE-2016-2183)

Product Line:
PowerChute Network Shutdown (PCNS) version 4.2

Environment:
All supported OS

Cause:
PCNS 4.2 supports the following ciphers (you can see this by running an SSLScan on port 6547):

Accepted TLSv1 128 bits AES128-SHA
Accepted TLSv1 168 bits DES-CBC3-SHA

The DES-CBC3-SHA cipher is the one which is getting flagged by PCI security compliance for CVE-2016-2183


Solution:
Update PCNS 4.2 to the latest version.


Oryou can disable the use of this cipher as follows:


On Windows

1. Stop the PowerChute Network Shutdown service.

You can do this via Administrative Tools/Services or from the command line (Run as administrator) with the following command:

net stop pcns1

2. In the PowerChute Network Shutdown JRE folder located in (C:\Program Files\APC\PowerChute\jre_x64), open the file lib\security\java.security using a text editor.

Go to the line containing the jdk.tls.disabledAlgorithms setting and add DESede to the list of disabled algorithms

e.g. jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DESede, DH keySize < 768

3. Start the PowerChute Network Shutdown service.

You can do this via Administrative Tools/Services or from the command line (Run as administrator) with the following command:

net start pcns1

On Linux

1. Stop the PowerChute Network Shutdown service.

You can do this via the terminal window line with the following command:

service PowerChute stop

2. In the PowerChute Network Shutdown JRE folder located in (/opt/APC/PowerChute/jre1.8.0_91), open the file /lib/security/java.security using a text editor.

Go to the line containing the jdk.tls.disabledAlgorithms setting and add DESede to the list of disabled algorithms

e.g. jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DESede, DH keySize < 768

3. Start the PowerChute Network Shutdown service.

You can do this via the terminal window line with the following command:

service PowerChute start

Schneider Electric Vietnam

Explore more
Range:
Articles that might be helpful Users group

Discuss this topic with experts

Visit our Community for first-hand insights from experts and peers on this topic and more.
Explore more
Range: