You are currently viewing the content available in Vietnam. If you are looking for information for another region, please select the correct country from the top-left dropdown in the page and 'Navigate to Browse FAQs' in the Support menu.
Issue:
PowerChute Network Shutdown version 4.2 is affected by Log4Shell vulnerabilities CVE-2021-44228 and CVE-2021-45046.
Products:
PowerChute Network Shutdown v4.2
For PowerChute Network Shutdown versions 4.3, 4.4, 4.4.1 see Schneider Electric FAQ PowerChute Network Shutdown Scripts to Mitigate Multiple CVEs Including Log4Shell Vulnerabilities
Environment:
All supported OS for the versions of PowerChute Network Shutdown version 4.2
Cause:
PowerChute Network Shutdown contain a vulnerable version of the log4j-core jar file. For more information, please refer to this security bulletin.
Solution:
Download attached 4.2.0.1 scripts that remove the vulnerable log4j2
On Windows OS, to run the PCNS patch, un-compress the zip, open a command prompt as an administrator, cd to the folder where the uncompressed files reside, run the command run_patch.cmd. The patch will remove the old log4j files and install log4j 2.17. The patch will also update the pcns.jar file.
PowerChute Network, Shutdown Windows scripts, are designed for all supported versions of Windows OS.
On Linux systems, uncompress the zip file. Then if uncompressed on a Windows system, copy the log4jPatch.sh and the files folder to the Linux system. Once the files have been copied, open a terminal window and cd to the directory, the files have been copied to. Run the command sudo chmod 775 log4jPatch.sh to make the file executable. Then run the command sudo ./log4jPatch.sh to run the patch. The patch will stop the PowerChute service, copy a new pcns.jar file and new log4j 2.17 file to the appropriate directories and then restart PowerChute.
PowerChute Network, Shutdown Linux scripts, are designed for all supported versions of Linux, ESXi, Solaris, AIX, HPUX, and MacOS.
PowerChute Network Shutdown version 4.2 is affected by Log4Shell vulnerabilities CVE-2021-44228 and CVE-2021-45046.
Products:
PowerChute Network Shutdown v4.2
For PowerChute Network Shutdown versions 4.3, 4.4, 4.4.1 see Schneider Electric FAQ PowerChute Network Shutdown Scripts to Mitigate Multiple CVEs Including Log4Shell Vulnerabilities
Environment:
All supported OS for the versions of PowerChute Network Shutdown version 4.2
Cause:
PowerChute Network Shutdown contain a vulnerable version of the log4j-core jar file. For more information, please refer to this security bulletin.
Solution:
Download attached 4.2.0.1 scripts that remove the vulnerable log4j2
On Windows OS, to run the PCNS patch, un-compress the zip, open a command prompt as an administrator, cd to the folder where the uncompressed files reside, run the command run_patch.cmd. The patch will remove the old log4j files and install log4j 2.17. The patch will also update the pcns.jar file.
PowerChute Network, Shutdown Windows scripts, are designed for all supported versions of Windows OS.
On Linux systems, uncompress the zip file. Then if uncompressed on a Windows system, copy the log4jPatch.sh and the files folder to the Linux system. Once the files have been copied, open a terminal window and cd to the directory, the files have been copied to. Run the command sudo chmod 775 log4jPatch.sh to make the file executable. Then run the command sudo ./log4jPatch.sh to run the patch. The patch will stop the PowerChute service, copy a new pcns.jar file and new log4j 2.17 file to the appropriate directories and then restart PowerChute.
PowerChute Network, Shutdown Linux scripts, are designed for all supported versions of Linux, ESXi, Solaris, AIX, HPUX, and MacOS.