How to upgrade firmware or patch PDU against Ripple20 Treck TCP/IP Stack Vulnerabilities?

Tom2112 · ‎2023-01-30

I have spent the last hour digging around on Schneider's horrible website trying to find a firmware update or patch for my APC AP8641 rack PDUs. They show up on nessus scans as vulnerable to Ripple20 due to their Treck TCP/IP Stack.

This web page seems to indicate that there is a firmware or OS update/patch for my model (AP86XX series PDU) that fixes these vulnerabilities. But they don't link to the patch. The links there to the release notes & presumably to the update/patch are dead links. (Nice work Schneider!)

https://www.apc.com/us/en/faqs/FA410359/

So I search their online support/documentation. No luck there either. The only download available for my model AP8641 is a security wizard CLI, which is great if I wanted to change the certificates or SSH keys. But that's NOT going to update the vulnerable TCP/IP stack.

Is there a patch for this vulnerability? If so why doesn't it come up when you search your support site? And an even better question: why doesn't this ridiculously overpriced powerstrip have an auto-update feature? A $5 Raspberry Pi Zero does. Why doesn't my $2,500 PDU?

ThePie_apc · ‎2023-09-15

Any updates on this?

Adding in some "Top Experts" for assistance.

@BillP @voidstar_apc @Erasmus_apc @TheNotoriousKMP_apc

BillP · ‎2023-09-15

@Tom2112

The 7.0.8 firmware can be downloaded at

https://www.apc.com/us/en/product/SFRPDU2G708/apc-rack-power-distribution-unit-firmware-revision-7-0...

The security handbook can be downloaded at

https://download.schneider-electric.com/files?p_Doc_Ref=SPD_LFLG-9VYK3D_EN&p_enDocType=System+user+g...

ThePie_apc · ‎2023-09-15

I noticed that when the PDU turns on, outlets that were previously set to 'off' turn back 'on'. How can I keep these outlets off during a power cycle? @BillP

ThePie_apc · ‎2023-09-15

In the Outlet Configuration I found a option to keep the Outlet from turning back on after the PDU has a power cycle event.

mbrenneis · ‎2025-03-05

Looks like all the helpful inks in this posting are enow 404. I have been clicking around in the APC site for 30 min to find the firmware update for the AP8641 PDU.

Teken · ‎2025-03-06

You may use this APC Resource Link and scroll to the very bottom:

https://www.apc.com/us/en/product/AP8641/apc-rack-pdu-2g-metered-by-outlet-with-switching-0u-30a-200...

If this resolves your question please do mark this as a solution. So it may help the next person asking the same.

Questions Ask . . . 👍

mbrenneis · ‎2025-03-19

I looked and searched that page and am not finding information about updating the firmware.

I have received an email from support with a link, but it is kinda sad that I have to do the whole email dance just to find the instructions and files.

Teken · ‎2025-03-20

I don’t understand the firmware is literally at the very bottom of the page in the link.

Lincoln_Darran · ‎2025-03-21

@Teken - You're not wrong.

Lincoln_Darran · ‎2025-03-21

Download it, extract it, execute it, follow the prompts.

mbrenneis · ‎2025-03-21

Had to keep scrolling past the Documentation to get to the very bottom.

Thanks for the screenshot.

How to upgrade firmware or patch PDU against Ripple20 Treck TCP/IP Stack Vulnerabilities?

How to upgrade firmware or patch PDU against Ripple20 Treck TCP/IP Stack Vulnerabilities?

This is a heading