{}

Our Brands

{"support":{"yesButton":"yes","noButton":"no","feedback":{"title":"What can we do to improve?"},"submitButton":"Submit","successMessage":"Thank you for your feedback","title":"Was this helpful?","feedbackPercentLabel":"of people found this helpful","captcha":{"error":"Please tick the box"}}}

Search FAQs

{"searchBar":{"inputPlaceholder":"Search by keyword or ask a question","searchBtn":"Search","error":"Please enter a keyword to search"}}

PCI security compliance reports PowerChute Network Shutdown version 4.2 is vulnerable to Sweet32 (CVE-2016-2183)

Issue:
PCI security compliance reports PowerChute Network Shutdown version 4.2 is vulnerable to Sweet32 (CVE-2016-2183)

Product Line:
PowerChute Network Shutdown (PCNS) version 4.2

Environment:
All supported OS

Cause:
PCNS 4.2 supports the following ciphers (you can see this by running an SSLScan on port 6547):

Accepted TLSv1 128 bits AES128-SHA
Accepted TLSv1 168 bits DES-CBC3-SHA

The DES-CBC3-SHA cipher is the one which is getting flagged by PCI security compliance for CVE-2016-2183


Solution:
Update PCNS 4.2 to the latest version.

Or y
ou can disable the use of this cipher as follows:


On Windows

1. Stop the PowerChute Network Shutdown service.

You can do this via Administrative Tools/Services or from the command line (Run as administrator) with the following command:

net stop pcns1

2. In the PowerChute Network Shutdown JRE folder located in (C:\Program Files\APC\PowerChute\jre_x64), open the file lib\security\java.security using a text editor.

Go to the line containing the jdk.tls.disabledAlgorithms setting and add DESede to the list of disabled algorithms

e.g. jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DESede, DH keySize < 768

3. Start the PowerChute Network Shutdown service.

You can do this via Administrative Tools/Services or from the command line (Run as administrator) with the following command:

net start pcns1

On Linux

1. Stop the PowerChute Network Shutdown service.

You can do this via the terminal window line with the following command:

service PowerChute stop

2. In the PowerChute Network Shutdown JRE folder located in (/opt/APC/PowerChute/jre1.8.0_91), open the file /lib/security/java.security using a text editor.

Go to the line containing the jdk.tls.disabledAlgorithms setting and add DESede to the list of disabled algorithms

e.g. jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DESede, DH keySize < 768

3. Start the PowerChute Network Shutdown service.

You can do this via the terminal window line with the following command:

service PowerChute start

Explore more
Explore more

Can't find what you are looking for?

Reach out to our Customer Care team to receive information on technical support, assistance for complaints and more.