News -

A critical severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j library was disclosed on December 9, 2021.

For EcoStruxure IT Expert and a list of impacted products and remediations, please refer to our previous news article.

Based on the current Log4j information and analysis available, the following products are not impacted by the Log4j CVE-2021-44228 vulnerability.

Data Center Expert (DCE)
IT Advisor (ITA) (hosted and on premise)
Data Center Operations (DCO)
NetBotz 250
NetBotz v4.x (355, 450, 455, 550, 570)
Network Management Cards:
- AP9630/AP9630CH/AP9630J
- AP9631/AP9631CH/AP9631J
- AP9635/AP9635CH
- AP9640/AP9640J
- AP9641/AP9641J
- AP9643
- Any device which includes Network Management Card Technology.
Easy UPS Network Management Cards:
- APV9601
- APV9602
EcoStruxure^TM Ready Smart-UPS (SmartConnect)
PowerChute^TM Personal Edition (Desktop shutdown software for Back-UPS).

EcoStruxure IT Gateway and IT Expert

Log4j is a standard logging library used by many Java applications, including the EcoStruxure IT Expert and IT Gateway.

EcoStruxure IT Gateway

A new EcoStruxure IT Gateway version (1.13.1.5) containing log4j version 2.16 is now available. We strongly encourage all customers to upgrade.

EcoStruxure IT Gateway versions 1.5.0 to 1.13.0 contain the affected versions of the library and may be susceptible to remote code execution as described in CVE-2021-44228. It is still unclear if or how an exploit of log4j in the EcoStruxure IT Gateway is possible. Earlier EcoStruxure IT Gateway versions (1.4.3 and earlier) do not contain an impacted version of log4j.

EcoStruxure IT Expert

The cloud-based EcoStruxure IT Expert has already been updated with log4j version 2.15, which includes a fix for CVE-2021-44228. A newer and further hardened version of log4j, version 2.16, has just been released and will be implemented shortly.

Mar 11	TLStorm Vulnerability for APC Smart-UPS SMT, SMC, SMX, SCL, SMTL and SRT Series Posted by Phil Reed on 11 March 2022 11:57 AM
Schneider Electric is aware of the vulnerabilities associated with APC Smart-UPS uninterruptable power supply devices which, if compromised, may allow for potential unauthorized access and control of the device. Schneider Electric have now released patched versions of the firmware for these devices to resolve the vulnerability. Comtec recommend that you download and apply these updates to your UPS devices asap. If you need any assistance in doing this please contact your account manager and they can provide a quote for doing this work for you. Read more »

Mar 10	Log4j update for Powerchute BE Posted by Phil Reed on 10 March 2022 10:44 AM
Schneider Electric have issued an updated version of PowerChute Business Edition V10.0.5. This has been updated with log4j V 2.17.0 which includes a fix for these vulnerabilities and can be downloaded here: https://www.apc.com/shop/us/en/products/PowerChuteBusiness-Edition-v10-0-5/P-SFPCBE1005 Read more »

Jan 31	Log4j vulnerability CVE-2021-44228 update from Schneider Electric Posted by Phil Reed on 31 January 2022 10:56 AM
Log4j vulnerability CVE-2021-44228 A critical severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j library was disclosed on December 9, 2021. For EcoStruxure IT Expert and a list of impacted products and remediations, please refer to our previous news article. Based on the current Log4j information and analysis available, the following products are not impacted by the Log4j CVE-2021-44228 vulnerability. Data Center Expert (DCE) IT Advisor (ITA) (hosted and on premise) Data Center Operations (DCO) NetBotz 250 NetBotz v4.x (355, 450, 455, 550, 570) Network Management Cards: AP9630/AP9630CH/AP9630J AP9631/AP9631CH/AP9631J AP9635/AP9635CH AP9640/AP9640J AP9641/AP9641J AP9643 Any device which includes Network Management Card Technology. Easy UPS Network Management Cards: APV9601 APV9602 EcoStruxure^TM Ready Smart-UPS (SmartConnect) PowerChute^TM Personal Edition (Desktop shutdown software for Back-UPS). Read more »

Dec 16	Log4j Vulnerability CVE-2021-44228 Posted by Phil Reed on 16 December 2021 10:18 AM
Log4Shell Vulnerability CVE-2021-44228 - Response from Schneider Electric Schneider Electric is aware of the vulnerability known as Log4Shell impacting Apache Log4j, an open-source code project frequently used by applications and services from a variety of vendors. Our cybersecurity team is actively investigating its potential impact on Schneider Electric offers. In the meantime, customers should immediately ensure they have implemented cybersecurity best practices across their operations to protect themselves from the exploitation of this vulnerability. Where appropriate, this includes locating their systems and remotely accessible devices behind firewalls; installing physical controls to prevent unauthorized access; preventing mission-critical systems and devices from being accessed from outside networks; more information can be found in the Schneider Electric Recommended Cybersecurity Best Practices document. I recommend you register for Cybersecurity notification at: https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp There you will find more information on CVE-2021-44228 EcoStruxure IT Gateway and IT Expert Log4j is a standard logging library used by many Java applications, including the EcoStruxure IT Expert and IT Gateway. EcoStruxure IT Gateway A new EcoStruxure IT Gateway version (1.13.1.5) containing log4j version 2.16 is now available. We strongly encourage all customers to upgrade. EcoStruxure IT Gateway versions 1.5.0 to 1.13.0 contain the affected versions of the library and may be susceptible to remote code execution as described in CVE-2021-44228. It is still unclear if or how an exploit of log4j in the EcoStruxure IT Gateway is possible. Earlier EcoStruxure IT Gateway versions (1.4.3 and earlier) do not contain an impacted version of log4j. EcoStruxure IT Expert The cloud-based EcoStruxure IT Expert has already been updated with log4j version 2.15, which includes a fix for CVE-2021-44228. A newer and further hardened version of log4j, version 2.16, has just been released and will be implemented shortly. Read more »

Oct 13	Internet Outage 12/10/2021 Posted by Jon Carlier on 13 October 2021 10:03 AM
At around 16:20 yesterday afternoon (12th October 2021) a fault occurred that affected our DSL customers internet connections. The outage lasted for around 30 minutes and normal service was restored at 16:50. The fault was caused by a hardware failure at our upstream provider Read more »

Nov 11	Router Maintenance at Equinix LD8 Posted by Phil Reed on 11 November 2020 11:02 PM
Due to an urgent maintenance issue we had to reboot a key router at the datacentre at Equinix tonight at 22:45. This may have caused a network interruption of about 4 minutes. Kind regards Phil Read more »