The following products have been found not to be impacted by the Apache Log4j Vulnerability.

BillP · ‎2021-12-16

Apache Log4j Vulnerability (Log4Shell)

Based on the current Log4j information and analysis available, the following products are not impacted by the Log4j CVE-2021-44228 vulnerability:

Network Management Cards:
1. AP9630/AP9630CH/AP9630J
2. AP9631/AP9631CH/AP9631J
3. AP9635/AP9635CH
4. AP9640/AP9640J
5. AP9641/AP9641J
6. AP9643
7. Any device which includes Network Management Card Technology.
Easy UPS Network Management Cards:
1. APV9601
2. APV9602
EcoStruxure^TM Ready Smart-UPS (SmartConnect)
PowerChute^TM Personal Edition (Desktop shutdown software for Back-UPS).

For other products, please refer to Schneider Electric's security bulletin which contains the most up to date information:

https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp

Information on mitigating the issue for PowerChute Network Shutdown and PowerChute Business Edition see the security notification at the link above or see https://community.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m...

JohnJoe · ‎2021-12-23

Hi BillP

We have multiple AP9630 cards , so thankyou for this information.

We also have older AP9617 cards still in use, the user interface seems similar to the AP9630 (although less features) . Do you know if this model also does not use LOG4J ?