UPDATED: 10-JAN-2018 | Security Notification: "Meltdown" (CVE-2017-5754) and "Spectre" (CVE-2017-5753 & CVE-2017-5715)​ - impact to APC products

Issue

Do the "Meltdown" (CVE-2017-5754) and "Spectre" (CVE-2017-5753 & CVE-2017-5715) vulnerabilites impact APC products?


Product Line

• Including but not limited to:
  • StruxureWare Data Center Expert (DCE)
  • StruxureWare Data Center Operation (DCO)
  • NetBotz Appliances
  • APC Network Management Cards
  • PowerChute Network Shutdown
  • PowerChute Business Edition
  • PowerChute Personal Edition
  • 1ph and 3ph UPS

Cause

Schneider Electric has become aware of two side channel attacks that leverage critical vulnerabilities in a wide range of computer CPU. These vulnerabilities have been named Spectre and Meltdown. Spectre tricks other applications into accessing arbitrary locations in their memory. Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. There have been no known exploits in the wild.

Resolution

Schneider Electric is actively monitoring vendor research into these vulnerabilities to determine appropriate actions to be taken. For the most up to date information and disclosure from the Schneider Electric Product Security Office, please visit this URL where the disclosure will be continuously updated, as needed: https://www.schneider-electric.com/en/download/document/SEVD-2018-005-01/

Update (10-JAN-2018): Product specific information is available at the following URL and the disclosure will also be continuously updated as new information becomes available specific to our product offers: https://www.schneider-electric.com/en/download/document/SEVD-2018-010-01/ 

For any additional questions, please contact your Schneider Electric representative or local technical support team.