{}

Our Brands

Impact-Company-Logo-English Black-01-177x54

Welcome to the Schneider Electric Website

Welcome to our website.
Search FAQs
You are currently viewing the content available in Vietnam. If you are looking for information for another region, please select the correct country from the top-left dropdown in the page and 'Navigate to Browse FAQs' in the Support menu.
PowerChute Network Shutdown 4.4.1, 4.4.2 & 4.4.3 vulnerable to CVE-2022-33980 & CVE-2022-42889
Issue:
PowerChute Network Shutdown 4.4.1, 4.4.2 & 4.4.3 vulnerable to CVE-2022-33980 & CVE-2022-42889

NOTE: PCNS only uses StringEscapeUtils.escapeHtml4(String) from the commons-text library. PCNS use this to make some user-provided input (outlet group names, ssh action titles, etc.) safe for display in HTML.

Our testing shows this not vulnerable to the string interpolation issue highlighted by CVE-2022-42889.

If a customer fells they must upgrade because of CVE-2022-42889 have the customer follow the instruction below.

****This FAQ is internal because the CVEs have not been posted to the Cyber Security Portal.
https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp

Product:
PowerChute Network Shutdown 4.4.1, 4.4.2 & 4.4.3

Environment:
All supported Windows OS
All supported Linux OS

Cause:
Vulnerability in Apache

Solution:
The information below can be shared with customers when they report either CVE as needed.

1. Download the folder Win-Replacement-files.zip or Linux-Replacement-files.zip that are attached and send the zip and instructions below to the customer.

On Windows
2. Uncompress the folder

3. Open a command prompt as an administrator and stop the PowerChute service. the command is net stop pcns1

4. Go to C:\Program Files\APC\PowerChute\group1\lib and delete:
commons-codec-1.12.jar
commons-configuration2-2.4.jar
commons-io-2.7.jar
commons-lang3-3.8.1.jar
commons-text-1.6.jar

5 Copy the contents of the Win-Replacement-files folder to C:\Program Files\APC\PowerChute\group1\lib. This step replaces the removed files and correct the vulnerability:
commons-codec-1.15.jar
commons-configuration2-2.8.0.jar
commons-io-2.11.0.jar
commons-lang3-3.13.0.jar
commons-text-1.10.0.jar


6 Restart the PowerChute service. The command is net start pcns1

On Linux

1. Log in as a root user

2. Uncompress the folder Linux-Replacement-files.zip

3. Stop the PowerChute service. the command is systemctl stop PowerChute

4. Go to /opt/APC/PowerChute/group1/lib and delete:
commons-codec-1.12.jar
commons-configuration2-2.4.jar
commons-io-2.7.jar
commons-lang3-3.8.1.jar
commons-text-1.6.jar

5 Copy the contents of the Linux-Replacement-files folder to /opt/APC/PowerChute/group1/lib. This step replaces the removed files and correct the vulnerability:
commons-codec-1.15.jar
commons-configuration2-2.8.0.jar
commons-io-2.11.0.jar
commons-lang3-3.13.0.jar
commons-text-1.10.0.jar


6 Restart the PowerChute service. The command is systemctl start PowerChute

Schneider Electric Vietnam

Attachment(s)
Linux-Replacement-files.zip [1.83 MB]
Win-Replacement-files.zip [1.83 MB]
Explore more
Range:
Articles that might be helpful Users group

Discuss this topic with experts

Visit our Community for first-hand insights from experts and peers on this topic and more.
Explore more
Range: