Buscar Preguntas Frecuentes
PowerChute Network Shutdown version 4.2 Scripts to Mitigate Log4Shell Vulnerabilities – CVE-2021-44228, CVE-2021-45046
Issue:
PowerChute Network Shutdown version 4.2 is affected by Log4Shell vulnerabilities CVE-2021-44228 and CVE-2021-45046.
Products:
PowerChute Network Shutdown v4.2
For PowerChute Network Shutdown versions 4.3, 4.4, 4.4.1 see Schneider Electric FAQ PowerChute Network Shutdown Scripts to Mitigate Multiple CVEs Including Log4Shell Vulnerabilities
Environment:
All supported OS for the versions of PowerChute Network Shutdown version 4.2
Cause:
PowerChute Network Shutdown contain a vulnerable version of the log4j-core jar file. For more information, please refer to this security bulletin.
Solution:
Download attached 4.2.0.1 scripts that remove the vulnerable log4j2
On Windows OS, to run the PCNS patch, un-compress the zip, open a command prompt as an administrator, cd to the folder where the uncompressed files reside, run the command run_patch.cmd. The patch will remove the old log4j files and install log4j 2.17. The patch will also update the pcns.jar file.
PowerChute Network, Shutdown Windows scripts, are designed for all supported versions of Windows OS.
On Linux systems, uncompress the zip file. Then if uncompressed on a Windows system, copy the log4jPatch.sh and the files folder to the Linux system. Once the files have been copied, open a terminal window and cd to the directory, the files have been copied to. Run the command sudo chmod 775 log4jPatch.sh to make the file executable. Then run the command sudo ./log4jPatch.sh to run the patch. The patch will stop the PowerChute service, copy a new pcns.jar file and new log4j 2.17 file to the appropriate directories and then restart PowerChute.
PowerChute Network, Shutdown Linux scripts, are designed for all supported versions of Linux, ESXi, Solaris, AIX, HPUX, and MacOS.
PowerChute Network Shutdown version 4.2 is affected by Log4Shell vulnerabilities CVE-2021-44228 and CVE-2021-45046.
Products:
PowerChute Network Shutdown v4.2
For PowerChute Network Shutdown versions 4.3, 4.4, 4.4.1 see Schneider Electric FAQ PowerChute Network Shutdown Scripts to Mitigate Multiple CVEs Including Log4Shell Vulnerabilities
Environment:
All supported OS for the versions of PowerChute Network Shutdown version 4.2
Cause:
PowerChute Network Shutdown contain a vulnerable version of the log4j-core jar file. For more information, please refer to this security bulletin.
Solution:
Download attached 4.2.0.1 scripts that remove the vulnerable log4j2
On Windows OS, to run the PCNS patch, un-compress the zip, open a command prompt as an administrator, cd to the folder where the uncompressed files reside, run the command run_patch.cmd. The patch will remove the old log4j files and install log4j 2.17. The patch will also update the pcns.jar file.
PowerChute Network, Shutdown Windows scripts, are designed for all supported versions of Windows OS.
On Linux systems, uncompress the zip file. Then if uncompressed on a Windows system, copy the log4jPatch.sh and the files folder to the Linux system. Once the files have been copied, open a terminal window and cd to the directory, the files have been copied to. Run the command sudo chmod 775 log4jPatch.sh to make the file executable. Then run the command sudo ./log4jPatch.sh to run the patch. The patch will stop the PowerChute service, copy a new pcns.jar file and new log4j 2.17 file to the appropriate directories and then restart PowerChute.
PowerChute Network, Shutdown Linux scripts, are designed for all supported versions of Linux, ESXi, Solaris, AIX, HPUX, and MacOS.
Publicado para:APC Peru
Documentos adjuntos
Explora más
Explora más
