Latest Updates
Dec
16
Log4j Vulnerability CVE-2021-44228
Posted by Phil Reed on 16 December 2021 10:18 AM
Log4Shell Vulnerability CVE-2021-44228 - Response from Schneider Electric

Schneider Electric is aware of the vulnerability known as Log4Shell impacting Apache Log4j, an open-source code project frequently used by applications and services from a variety of vendors. Our cybersecurity team is actively investigating its potential impact on Schneider Electric offers.
In the meantime, customers should immediately ensure they have implemented cybersecurity best practices across their operations to protect themselves from the exploitation of this vulnerability. Where appropriate, this includes locating their systems and remotely accessible devices behind firewalls; installing physical controls to prevent unauthorized access; preventing mission-critical systems and devices from being accessed from outside networks; more information can be found in the Schneider Electric Recommended Cybersecurity Best Practices document.

I recommend you register for Cybersecurity notification at: https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp
There you will find more information on CVE-2021-44228

EcoStruxure IT Gateway and IT Expert

Log4j is a standard logging library used by many Java applications, including the EcoStruxure IT Expert and IT Gateway. 

EcoStruxure IT Gateway

A new EcoStruxure IT Gateway version (1.13.1.5) containing log4j version 2.16 is now available. We strongly encourage all customers to upgrade.

EcoStruxure IT Gateway versions 1.5.0 to 1.13.0 contain the affected versions of the library and may be susceptible to remote code execution as described in CVE-2021-44228. It is still unclear if or how an exploit of log4j in the EcoStruxure IT Gateway is possible. Earlier EcoStruxure IT Gateway versions (1.4.3 and earlier) do not contain an impacted version of log4j.

EcoStruxure IT Expert

The cloud-based EcoStruxure IT Expert has already been updated with log4j version 2.15, which includes a fix for CVE-2021-44228. A newer and further hardened version of log4j, version 2.16, has just been released and will be implemented shortly.


Read more »



Oct
13
Internet Outage 12/10/2021
Posted by Jon Carlier on 13 October 2021 10:03 AM
At around 16:20 yesterday afternoon (12th October 2021) a fault occurred that affected our DSL customers internet connections. The outage lasted for around 30 minutes and normal service was restored at 16:50. The fault was caused by a hardware failure at our upstream provider
Read more »



Nov
11
Router Maintenance at Equinix LD8
Posted by Phil Reed on 11 November 2020 11:02 PM
Due to an urgent maintenance issue we had to reboot a key router at the datacentre at Equinix tonight at 22:45.  This may have caused a network interruption of about 4 minutes.

Kind regards

Phil

Read more »



Aug
20
Power Outage At Equinix LD8
Posted by Nick Claxson on 20 August 2020 01:16 PM

We have now received a further update on this.

Equinix's overview of the Incident:

At 04:33 on the 18th August 2020 at our LD8 IBX, Equinix facilities technicians responded to a fire alarm. Once deemed safe to do so, the site team started investigations into the source of the alarm, it was noted that it had originated from the building 8/9 main power room. The building fire suppression system was not activated nor required to do so at any point.

Site technicians proceeded to the main power room to investigate the issue and discovered smoke (no fire) within the room. The cause of the smoke was identified as a result of a failure on the main static transfer switch common output cabinet of the Galaxy UPS system. The fault had caused the system to shut down, resulting in a total loss of all customer power supplies supported by busbar risers ISP8 and ISP9 both of which are connected to the same UPS output.


Read more »



Aug
19
Power Outage At Equinix LD8
Posted by Nick Claxson on 19 August 2020 08:14 AM

Following the power beginning to be restored yesterday at LD8 many providers and transit operators have been working to restore their services which has affected the internet transit at large. Please note we have not received a 'works complete notification from Equinix at this time'

We have been kept informed that some of the larger operators such as LINX (London Internet Exchange) had to replace their line cards but that work is now complete and for many recipients of service there appears to be now a stability since many providers have completed the works overnight. 

Due to the large and unexpected impact of a power outage affecting so many providers to the internet we are continuing to monitor this situation as their may still be works ongoing with some providers that has not been flagged and also residual after effects to service provided generally.

 


Read more »