Discover our Clipsal Smart Home packages as seen on the Block

in location

OR

I'm looking for

  • Wholesalers
    • Uncheck All Check All
  • EXPERTISE
    • Expand
    • Expand
    • Expand
    • Uncheck All Check All
  • Switchboard Manufacturers
    • Uncheck All Check All
OR

The best way to see what Clipsal electric products can do for your home is seeing them in action at a Clipsal Display Centre.

Product stock may vary according to location. If you're after a specific product range, please check with your chosen location before visiting.

10 Results
    Load More Load Complete
    Change Location

    Does the CCS Injection OpenSSL vulnerability (CVE-2014-0224) affect APC products?

    Issue:
    On 05-JUN-2014, the "CCS Injenction" Vulnerability (CVE-2014-0224) was detected and published by several Cyber Security outlets.


    Product Line:
    • StruxureWare Data Center Expert
    • StruxureWare Data Center Operation
    • NetBotz
    • APC Network Management Cards
    • PowerChute Network Shutdown
    • PowerChute Business Edition
    • APC Remote Monitoring Service (RMS)

    Environment:
    • SSL authentication applications

    Cause:
    Reported vulnerability in OpenSSL - CVE-2014-0224


    Resolution:
    Detailed description of the issue and some FAQ's can be found here and here

    The CCS Injection vulnerability highlights that OpenSSL’s flaw with ChangeCipherSpec processings make it possible for malicious third parties to intermediate specific communication by a Man-In-The-Middle attack. The attack can only be performed between a vulnerable client *and* server. 

    Schneider Electrics' Data Center Business has conducted a vulnerability assessment on the following platforms and found current shipping versions of each are not affected by the aforementioned vulnerabilities.
    • Data Center Operations (DCO) is currently operating with OpenSSL v0.9.8 and is therefore not affected.
    • Data Center Expert (DCE)  version 7.2.5 is currently operating with OpenSSL v1.0.1e and is not affected. Linux associated versions of openSSL and vulnerable versions can be found here:  https://access.redhat.com/articles/904433
    • NetBotz Appliances 4.4.2 is now running Openssl 0.9.8zc. This issue was fixed in OpenSSL 0.9.8za according to  www.openssl.org/news/vulnerabilities.html
    • All Network Management Card (NMC) Applications do not utilize OpenSSL and are therefore not affected.
    • PowerChute Network Shutdown is not affected. PowerChute Network Shutdown versions 3.1 and 4.0 Appliance for VMware utilizes v0.9.8e. To update SSL on the Appliance run the command yum update openssl
    • PowerChute Business Edition is not affected. PowerChute Business Edition utilizes OpenSSL version 0.9.4.
    • APC Remote Monitoring Service (RMS) is not affected because it does not utilize OpenSSL.

    Cyber Security is an important element of Schneider Electrics' commitment to software quality. Regular vulnerability assessment and further investigation is ongoing on other Schneider Electric platforms in addition to the above and will be detailed if discovered.
     

    Didn’t find what you were looking for?

    Try Searching Again View Our Categories

    Need further assistance?

    Our Customer Care department provides total customer service solutions for our residential, industrial and commercial applications.

    Get Assistance