How to upgrade firmware or patch PDU against Ripple20 Treck TCP/IP Stack Vulnerabilities?
APC UPS Data Center & Enterprise Solutions Forum
Schneider Electric support forum for our Data Center and Business Power UPS, UPS Accessories, Software, Services, and associated commercial products designed to share knowledge, installation, and configuration.
I have spent the last hour digging around on Schneider's horrible website trying to find a firmware update or patch for my APC AP8641 rack PDUs. They show up on Nessus scans as vulnerable to Ripple20 due to their Treck TCP/IP Stack.
This web page seems to indicate that there is a firmware or OS update/patch for my model (AP86XX series PDU) that fixes these vulnerabilities. But they don't link to the patch. The links there to the release notes & presumably to the update/patch are dead links. (Nice work Schneider!)
So I search their online support/documentation. No luck there either. The only download available for my model AP8641 is a security wizard CLI, which is great if I wanted to change the certificates or SSH keys. But that's NOT going to update the vulnerable TCP/IP stack.
Is there a patch for this vulnerability? If so, why doesn't it come up when you search your support site? And an even better question: why doesn't this ridiculously overpriced power strip have an auto-update feature? A $5 Raspberry Pi Zero does. Why doesn't my $2,500 PDU?