Number: AV21-632
Date: 14 December 2021
On 14 December 2021 Schneider Electric published Security Notifications to address vulnerabilities in multiple products. Included were updates for the following:
- APC Rack PDU products – multiple products and versions
- EcoStruxure Power Monitoring Expert – version 9.0 and prior
- EVlink – multiple products and versions
- IGSS Data Collector – version V15.0.0.21320 and prior
- Apache Log4j Vulnerability
Exploitation of these vulnerabilities could result in unauthorized access, execution of malicious web code, remote code execution, denial of service and information disclosure.
The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.
Apache Log4j Vulnerability
https://download.schneider-electric.com/files?p_Doc_Ref=SESB-2021-347-01
Schneider Electric Cybersecurity Support Portal
https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp