PowerChute Network Shutdown Scripts to Mitigate Multiple CVEs Including Log4Shell Vulnerabilities

Article available in these languages: Spanish

Issue:
PowerChute Network Shutdown is affected by the recent Log4Shell vulnerabilities and by vulnerabilities in other 3rd party libraries, as listed below:

Log4J:
[CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)
Jetty:
[CVE-2021-34428](https://nvd.nist.gov/vuln/detail/CVE-2021-34428)
[CVE-2021-28169](https://nvd.nist.gov/vuln/detail/CVE-2021-28169)
[CVE-2021-28165](https://nvd.nist.gov/vuln/detail/CVE-2021-28165)
[CVE-2020-27223](https://nvd.nist.gov/vuln/detail/CVE-2020-27223)
[CVE-2020-27218](https://nvd.nist.gov/vuln/detail/CVE-2020-27218)
[CVE-2020-27216](https://nvd.nist.gov/vuln/detail/CVE-2020-27216)
Spring Framework:
[CVE-2020-5398](https://nvd.nist.gov/vuln/detail/CVE-2020-5398)
[CVE-2020-5421](https://nvd.nist.gov/vuln/detail/CVE-2020-5421)

Commons Compress:
[CVE-2021-36090](https://nvd.nist.gov/vuln/detail/CVE-2021-36090)
[CVE-2021-35517](https://nvd.nist.gov/vuln/detail/CVE-2021-35517)
[CVE-2021-35516](https://nvd.nist.gov/vuln/detail/CVE-2021-35516)
[CVE-2021-35515](https://nvd.nist.gov/vuln/detail/CVE-2021-35515)
[CVE-2019-12402](https://nvd.nist.gov/vuln/detail/CVE-2019-12402)
[CVE-2018-11771](https://nvd.nist.gov/vuln/detail/CVE-2018-11771)

Products:
PowerChute Network Shutdown v4.3, v4.4, v4.4.1

For PowerChute Network Shutdown version 4.2, see the Schneider Electric FAQ "PowerChute Network Shutdown version 4.2 Scripts to Mitigate Log4Shell Vulnerabilities – CVE-2021-44228, CVE-2021-45046".

Environment:
All supported OS for the versions of PowerChute Network Shutdown listed above.

Cause:
PowerChute Network Shutdown contains some vulnerable 3rd party libraries that are outdated. For more information, please refer to the NVD URLs of the respective CVEs.

Solution:
Download the relevant files for your product and follow the readme file instructions.

For PowerChute Network Shutdown version 4.3 download patch_4.3.1_en.zip
For PowerChute Network Shutdown version 4.4 download patch_4.4.0.3_en.zip
For PowerChute Network Shutdown version 4.4.1 download patch_4.4.2_en.zip
The files contain scripts that will remove the vulnerable 3rd party libraries and replace them with updated versions that address the CVEs listed above.
The zip files contain updated pcns.jar, jetty 9.4.43, commons-compress 1.21, and log4j 2.17.1 jar files.

On Windows OS:
  1. Extract the zip file contents.
  2. Open a command prompt as an administrator.
  3. Change directory to the folder where you extracted the files.
  4. Run the run_patch.cmd file.
  5. The script will remove the old 3rd party libraries and install newer versions that address the CVEs. The script will also update the pcns.jar file.
The PowerChute Network Shutdown Windows scripts are designed for all supported versions of Windows OS.

On Linux systems:
  1. Extract the zip file contents. If you extracted the zip file on a Windows system, copy the pcns_patch.sh and the files folder to the Linux system.
  2. Open a terminal prompt or connect to the Linux system via SSH and change directory to the location of the extracted files.
  3. Run the command "sudo chmod +x pcns_patch.sh" to make the file executable.
  4. Run the command "sudo ./pcns_patch.sh" to apply the updates. The script will stop the PowerChute service, remove the old libraries, install the new library files to the appropriate directories, and restart the PowerChute service.

For the PowerChute Network Shutdown 4.4.1 virtual appliance, download the new PowerChute 4.4.2 VM.
The PowerChute virtual appliance is AlmaLinux-based, replacing CentOS 8.


NOTE: The PowerChute Network Shutdown Linux scripts are designed for all supported versions of Linux, Solaris, AIX, HP-UX, and Mac OS.
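
After the patch script has run, one way to confirm that no outdated copies of the replaced libraries remain is to scan the installation directory for jar files below the versions listed above (log4j 2.17.1, jetty 9.4.43, commons-compress 1.21). This is an added example, not part of the Schneider Electric patch; the function names, the directory argument and the name-version.jar file naming are assumptions. Spring jars are not checked because this article does not state a replacement version for them.

```shell
#!/bin/sh
# Added example: list jars that are still below the versions this patch installs.
# Assumption: jars use the common name-version.jar naming.

# ver_lt A B: succeed when dotted numeric version A is lower than B.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# find_outdated DIR: print "file found-version minimum" for each outdated jar.
find_outdated() {
    find "$1" -type f -name '*.jar' | while IFS= read -r jar; do
        name=$(basename "$jar")
        case $name in
            log4j-core-*|log4j-api-*) min=2.17.1 ;;
            jetty-*)                  min=9.4.43 ;;
            commons-compress-*)       min=1.21 ;;
            *) continue ;;
        esac
        # Keep only the leading numeric part, e.g. 9.4.43 from 9.4.43.v20210629.
        ver=$(printf '%s\n' "$name" |
            sed -n 's/^.*-\([0-9][0-9.]*[0-9]\).*\.jar$/\1/p')
        [ -n "$ver" ] || continue
        if ver_lt "$ver" "$min"; then
            printf '%s %s %s\n' "$name" "$ver" "$min"
        fi
    done
}

# Usage: sh check_jars.sh /path/to/PowerChute   (install path is site-specific)
[ $# -eq 0 ] || find_outdated "$1"
```

No output means every matching jar found under the directory is at or above the patched version.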
