Apache Log4j Vulnerabilities (Log4Shell)
Act Now | SESB-2021-347-01 | Dec 13, 2021
Summary
Schneider Electric products are vulnerable to Apache Log4j vulnerabilities, including CVE-2021-44228 (Log4Shell). Affected products include APC PowerChute Business Edition, APC PowerChute Network Shutdown, EcoStruxure IT Gateway, Eurotherm Data Reviewer, and Harmony Configurator. The vulnerability allows remote code execution through malicious Log4j expressions. Schneider Electric has released patches for most products (updated to Log4j 2.17), with automatic deployment mentioned for some components (SDK-UMS, Select and Config DATA, SNC-API, SNC-CMM, SNC-SEMTECH). Harmony Configurator has no fix planned.
What this means
What could happen
An attacker could execute arbitrary code on affected Schneider Electric management and monitoring systems by exploiting the Log4j vulnerability, potentially disrupting power management, facility operations, or access controls. This is actively being exploited.
Who's at risk
Organizations managing power distribution, UPS systems, and facility automation using Schneider Electric products should prioritize this. Specifically: electrical utility operators and facility managers using APC PowerChute for power management, EcoStruxure IT Gateway for infrastructure monitoring, Eurotherm Data Reviewer for thermal management systems, and Harmony Configurator for control system setup.
How it could be exploited
An attacker sends a specially crafted message containing a Log4j expression (e.g., via network input, logs, or API calls) to a vulnerable Log4j component. When the application logs this input, Log4j evaluates the expression, allowing the attacker to download and execute arbitrary code on the host system.
Prerequisites
- Network access to the affected application (management interface, API, or log input)
- No credentials required in most cases—malicious input can be sent via HTTP requests, network messages, or API calls
- Actively exploited (KEV)
- Remotely exploitable
- No authentication required
- Extremely high exploit probability (EPSS 94.4%)
- No fix available for Harmony Configurator
- Affects critical infrastructure management systems
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (5)
4 with fix, 1 EOL

| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| APC PowerChute Business Edition | 9.5; 10.0; 10.0.1 and 3 more | 10.0.5 |
| APC PowerChute Network Shutdown (PCNS) | 4.4.1; 4.4; 4.3; 4.2 | >=4.5 |
| EcoStruxure™ IT Gateway | ≤ 1.5.0 \| ≥ 1.13.1.5 | 1.13.2.3 |
| Eurotherm Data Reviewer software | ≤ 3.0.2 | 4.0.0 |
| Harmony Configurator | ≤ 33 | No fix (EOL) |
Remediation & Mitigation
Do now
APC PowerChute Business Edition
HOTFIX: Update APC PowerChute Business Edition to version 10.0.5 or later
APC PowerChute Network Shutdown (PCNS)
HOTFIX: Update APC PowerChute Network Shutdown (PCNS) to version 4.5 or later
Harmony Configurator
HARDENING: For Harmony Configurator (version 33 and earlier): isolate behind firewall, restrict network access, disable remote access if not required, and monitor for suspicious activity
All products
HOTFIX: Update EcoStruxure IT Gateway to version 1.13.2.3 or later
HOTFIX: Update Eurotherm Data Reviewer to version 4.0.0 or later
HARDENING: Place all Schneider Electric systems and remotely accessible devices behind firewalls to restrict unauthorized network access
HARDENING: Prevent mission-critical systems and devices from being accessible from external networks
Mitigations - no patch available
Harmony Configurator has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement physical access controls to prevent unauthorized device tampering
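To turn the fix versions above into a work list, the following added example (not Schneider Electric's code or part of the original advisory) triages a software inventory against them. The CSV layout, the shortened product names used as keys, and the hostnames are assumptions; any version below the fix version is conservatively treated as needing the update.

```python
import csv
import io

# Fix versions copied from this advisory; None means no fix is planned (EOL).
FIXED_IN = {
    "APC PowerChute Business Edition": "10.0.5",
    "APC PowerChute Network Shutdown": "4.5",
    "EcoStruxure IT Gateway": "1.13.2.3",
    "Eurotherm Data Reviewer": "4.0.0",
    "Harmony Configurator": None,
}

def parse_version(text, width=4):
    """'4.5' -> (4, 5, 0, 0): numeric and zero-padded, so 4.5 == 4.5.0 and 10.0.10 > 10.0.5."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def action_for(product, version):
    """Assumption: any version below the fix version is treated as needing the update."""
    if product not in FIXED_IN:
        return "not covered by this advisory"
    fixed = FIXED_IN[product]
    if fixed is None:
        return "no fix (EOL): isolate and restrict network access"
    try:
        older = parse_version(version) < parse_version(fixed)
    except ValueError:  # empty or non-numeric version string
        return "unparseable version: check manually"
    return f"update to {fixed} or later" if older else "at or above fix version"

def triage(inventory_csv):
    """Return (host, product, version, action) for every inventory row."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["host"], r["product"], r["version"],
             action_for(r["product"].strip(), r["version"])) for r in rows]

# Constructed sample inventory: hostnames and installed versions are made up.
SAMPLE = """host,product,version
ups-mgmt-01,APC PowerChute Business Edition,10.0.10
ups-mgmt-02,APC PowerChute Network Shutdown,4.4.1
dcim-gw-01,EcoStruxure IT Gateway,1.5.0
hmi-eng-01,Harmony Configurator,33
"""

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(" | ".join(row))
```

Comparing versions as integer tuples matters here: a plain string comparison would rank 10.0.10 below 10.0.5 and 1.5.0 above 1.13.2.3.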