The following products have been found not to be impacted by the Apache Log4j Vulnerability.

BillP · ‎2021-12-16

Apache Log4j Vulnerability (Log4Shell)

Based on the current Log4j information and analysis available, the following products are not impacted by the Log4j CVE-2021-44228 vulnerability:

Network Management Cards:
1. AP9630/AP9630CH/AP9630J
2. AP9631/AP9631CH/AP9631J
3. AP9635/AP9635CH
4. AP9640/AP9640J
5. AP9641/AP9641J
6. AP9643
7. Any device which includes Network Management Card Technology.
Easy UPS Network Management Cards:
1. APV9601
2. APV9602
EcoStruxure^TM Ready Smart-UPS (SmartConnect)
PowerChute^TM Personal Edition (Desktop shutdown software for Back-UPS).

For other products, please refer to Schneider Electric's security bulletin which contains the most up to date information:

https://www.se.com/ww/en/work/support/cybersecurity/security-notifications.jsp

Information on mitigating the issue for PowerChute Network Shutdown and PowerChute Business Edition see the security notification at the link above or see https://community.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m...

JohnJoe · ‎2021-12-23

Hi BillP

We have multiple AP9630 cards , so thankyou for this information.

We also have older AP9617 cards still in use, the user interface seems similar to the AP9630 (although less features) . Do you know if this model also does not use LOG4J ?

The following products have been found not to be impacted by the Apache Log4j Vulnerability.

The following products have been found not to be impacted by the Apache Log4j Vulnerability.

This is a heading