Schneider Electric is aware of the vulnerabilities associated with APC Smart-UPS uninterruptible power supply devices which, if compromised, may allow for potential unauthorized access and control of the device.
Schneider Electric have now released patched versions of the firmware for these devices to resolve the vulnerability. Comtec recommend that you download and apply these updates to your UPS devices as soon as possible. If you need any assistance in doing this, please contact your account manager and they can provide a quote for doing this work for you.
Schneider Electric have issued an updated version of PowerChute Business Edition V10.0.5. This has been updated with log4j v2.17.0, which includes a fix for these vulnerabilities and can be downloaded here:
https://www.apc.com/shop/us/en/products/PowerChuteBusiness-Edition-v10-0-5/P-SFPCBE1005
Log4j vulnerability CVE-2021-44228
A critical severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j library was disclosed on December 9, 2021.
For EcoStruxure IT Expert and a list of impacted products and remediations, please refer to our previous news article.
Based on the current Log4j information and analysis available, the following products are not impacted by the Log4j CVE-2021-44228 vulnerability.
- Data Center Expert (DCE)
- IT Advisor (ITA) (hosted and on premise)
  - Data Center Operations (DCO)
- NetBotz 250
- NetBotz v4.x (355, 450, 455, 550, 570)
- Network Management Cards:
  - AP9630/AP9630CH/AP9630J
  - AP9631/AP9631CH/AP9631J
  - AP9635/AP9635CH
  - AP9640/AP9640J
  - AP9641/AP9641J
  - AP9643
  - Any device which includes Network Management Card Technology.
- Easy UPS Network Management Cards:
- EcoStruxure™ Ready Smart-UPS (SmartConnect)
- PowerChute™ Personal Edition (Desktop shutdown software for Back-UPS).
Log4Shell Vulnerability CVE-2021-44228 - Response from Schneider Electric
Schneider Electric is aware of the vulnerability known as Log4Shell impacting Apache Log4j, an open-source code project frequently used by applications and services from a variety of vendors. Our cybersecurity team is actively investigating its potential impact on Schneider Electric offers. In the meantime, customers should immediately ensure they have implemented cybersecurity best practices across their operations to protect themselves from the exploitation of this vulnerability. Where appropriate, this includes locating their systems and remotely accessible devices behind firewalls; installing physical controls to prevent unauthorized access; preventing mission-critical systems and devices from being accessed from outside networks; more information can be found in the Schneider Electric Recommended Cybersecurity Best Practices document.
I recommend you register for Cybersecurity notification at: https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp. There you will find more information on CVE-2021-44228.
EcoStruxure IT Gateway and IT Expert
Log4j is a standard logging library used by many Java applications, including the EcoStruxure IT Expert and IT Gateway.
EcoStruxure IT Gateway
A new EcoStruxure IT Gateway version (1.13.1.5) containing log4j version 2.16 is now available. We strongly encourage all customers to upgrade.
EcoStruxure IT Gateway versions 1.5.0 to 1.13.0 contain the affected versions of the library and may be susceptible to remote code execution as described in CVE-2021-44228. It is still unclear if or how an exploit of log4j in the EcoStruxure IT Gateway is possible. Earlier EcoStruxure IT Gateway versions (1.4.3 and earlier) do not contain an impacted version of log4j.
EcoStruxure IT Expert
The cloud-based EcoStruxure IT Expert has already been updated with log4j version 2.15, which includes a fix for CVE-2021-44228. A newer and further hardened version of log4j, version 2.16, has just been released and will be implemented shortly.
At around 16:20 yesterday afternoon (12th October 2021) a fault occurred that affected our DSL customers' internet connections. The outage lasted for around 30 minutes and normal service was restored at 16:50. The fault was caused by a hardware failure at our upstream provider
Due to an urgent maintenance issue we had to reboot a key router at the datacentre at Equinix tonight at 22:45. This may have caused a network interruption of about 4 minutes.
Kind regards
Phil