Log4j Security Vulnerability Response Center

Check here for the latest information on the Log4j security vulnerability by PTC product (Apache Log4j CVE-2021-44228)

PTC's remediation strategy


All product remediation actions provided by PTC apply to current and actively supported software versions. However, the remediation steps for these versions are similar or identical to earlier versions that leverage Log4j v1 or v2 and are no longer actively supported by PTC.

PTC strongly encourages customers on non-supported versions to take similar actions to protect their infrastructure and should not assume that previous versions of the software are not impacted by the vulnerabilities. Notably, PTC provides numerous security and performance-related improvements as we release new versions of our software. PTC strongly advocates for customers to leverage supported versions at their earliest opportunity to take advantage of these improvements and have the strongest possible security posture.

PTC believes that addressing cybersecurity threats is a shared responsibility across software providers, customers and active users of the software, partners and software integrators, governments and regulators, and more. PTC remains committed to fulfilling its role as a software provider in this shared responsibility model and strongly encourages other groups – including customers and active users – to fulfill theirs.

Recommended remediation by core product

If you need to contact PTC, please go to: www.ptc.com/support.

AdaWorld

Not vulnerable to Log4j CVE2021-44228 vulnerability.

Updated December 15, 2021 at 8:08 p.m.

ApexAda

Not vulnerable to Log4j CVE2021-44228 vulnerability.

Updated December 15, 2021 at 8:08 p.m.

Arena

Not vulnerable to Log4j CVE2021-44228 vulnerability.

Updated December 14, 2021 at 11:45 p.m.

Atlas

Resolved, 5:30 AM EST Friday, December 10, 2021.

Arbortext

https://www.ptc.com/en/support/article/CS358998

Updated December 15, 2021 at 9:45 a.m.

Arbortext Content Delivery

https://www.ptc.com/en/support/article/CS358957

Updated December 23, 2021 at 9:33 a.m.

Arbortext IsoDraw

Not vulnerable to Log4j CVE-2021-44228 vulnerability. Refer to CS358831 for impacts related to the Creo License Server: https://www.ptc.com/en/support/article/CS358831

Updated January 14, 2022 at 9:45 a.m.

Axeda

https://www.ptc.com/en/support/article/CS358990

Updated December 14, 2021 at 11:45 p.m.

CADDS5

https://www.ptc.com/en/support/article/CS359313

Updated December 17, 2021 at 4:11 p.m.

Creo Direct

https://www.ptc.com/en/support/article/CS358831

Updated January 14, 2022 at 9:45 a.m.

Creo Elements Direct

https://www.ptc.com/en/support/article/CS358965

Updated December 22, 2021 at 9:22 a.m.

Creo Generative Design

Not vulnerable to Log4j CVE-2021-44228 vulnerability. No further action required.

Updated December 15, 2021 at 8:08 a.m.

Creo Illustrate

Not vulnerable to Log4j CVE-2021-44228 vulnerability. Refer to CS358831 for impacts related to the Creo License Server: https://www.ptc.com/en/support/article/CS358831

Updated January 14, 2022 at 9:45 a.m.

Creo Layout

https://www.ptc.com/en/support/article/CS358831

Updated January 14, 2022 at 9:45 a.m.

Creo Parametric

https://www.ptc.com/en/support/article/CS358831

https://www.ptc.com/en/support/article/CS359127

https://www.ptc.com/en/support/article/CS360340

Updated January 14, 2022 at 9:45 a.m.

Creo Schematics

https://www.ptc.com/en/support/article/CS358831

Updated January 14, 2022 at 9:45 a.m.

Creo Simulate

https://www.ptc.com/en/support/article/CS358831

Updated January 14, 2022 at 9:45 a.m.

Creo View

Not vulnerable to Log4j CVE-2021-44228 vulnerability. Refer to CS358831 for impacts related to the Creo License Server: https://www.ptc.com/en/support/article/CS358831

Updated January 14, 2022 at 9:45 a.m.

Creo View Adapters

https://www.ptc.com/en/support/article/CS359116

Updated December 22, 2021 at 9:22 a.m.

Empower

Not vulnerable to Log4j CVE-2021-44228 vulnerability.

Updated December 16, 2021 at 3:50 p.m.

iWarranty

Warranty analytics (Service Intelligence) uses IBM Cognos. Please refer to the Cognos section below under "3rd Party Tools/Products" for more details. All other modules are not vulnerable to Log4j CVE-2021-44228 vulnerability.

Updated December 17, 2021 at 9:11 a.m.

Kepware

https://www.ptc.com/en/support/article/CS358996

Updated December 15, 2021 at 8:45 a.m.

Mathcad

https://www.ptc.com/en/support/article/CS358831

Updated January 14, 2022 at 9:45 a.m.

MKS Implementer

https://www.ptc.com/en/support/article/CS359084

Updated December 17, 2021 at 4:19 p.m.

MKS Toolkit

https://www.ptc.com/en/support/article/CS359123

Updated December 17, 2021 at 4:15 p.m.

MOVE

https://www.ptc.com/en/support/article/CS359320

Updated December 17, 2021 at 5:26 p.m.

ObjectAda

Not vulnerable to Log4j CVE2021-44228 vulnerability.

Updated December 15, 2021 at 8:08 p.m.

Onshape

Resolved 9:30 AM EST Friday, December 10, 2021.

Updated December 14, 2021 at 11:45 p.m.

Optegra

https://www.ptc.com/en/support/article/CS359312

Updated December 17, 2021 at 4:12 p.m.

Perc

Not vulnerable to Log4j CVE2021-44228 vulnerability.

Updated December 14, 2021 at 11:45 p.m.

PTC Modeler

Not vulnerable to Log4j CVE2021-44228 vulnerability.

Updated December 14, 2021 at 11:45 p.m.

PTC X/Server

https://www.ptc.com/en/support/article/CS359314

Updated December 17, 2021 at 4:17 p.m.

Service Knowledge Diagnostics (SKD)

Not vulnerable to Log4j CVE2021-44228 vulnerability.

Updated April 29, 2024 at 6:45 p.m.

Servigistics

https://www.ptc.com/en/support/article/CS358886

Updated December 21, 2021 at 11:41 a.m.

TeleUSE

Not vulnerable to Log4j CVE2021-44228 vulnerability.

Updated December 15, 2021 at 8:08 p.m.

ThingWorx Analytics

https://www.ptc.com/en/support/article/CS358901

Updated December 15, 2021 at 9:45 a.m.

ThingWorx Platform

https://www.ptc.com/en/support/article/CS358901

Updated December 14, 2021 at 11:58 p.m.

Vuforia Chalk

Not vulnerable to Log4j CVE2021-44228 vulnerability.

Updated December 14, 2021 at 11:45 p.m.

Vuforia Engine SDK

Not vulnerable to Log4j CVE2021-44228 vulnerability.

Updated December 14, 2021 at 11:45 p.m.

Vuforia Engine Server

Resolved 9:28 AM PST Friday, December 14, 2021.

Updated December 16, 2021 at 12:56 p.m.

Vuforia Expert Capture

Not vulnerable to Log4j CVE2021-44228 vulnerability.

Updated December 14, 2021 at 11:45 p.m.

Vuforia Instruct

Not vulnerable to Log4j CVE2021-44228 vulnerability.

Updated December 14, 2021 at 11:45 p.m.

Vuforia Studio

Not vulnerable to Log4j CVE2021-44228 vulnerability. This update Includes Vuforia Experience Service and Vuforia View.

Updated December 17, 2021 at 12:08 p.m.

Webship

https://www.ptc.com/en/support/article/CS359321

Updated December 17, 2021 at 5:26 p.m.

Windchill Asset Library

Not vulnerable to Log4j CVE2021-44228 vulnerability.

Updated December 17, 2021 at 12:09 p.m.

Windchill Navigate

https://www.ptc.com/en/support/article/CS359107

Updated December 14, 2021 at 5 p.m.

Windchill PLM and FlexPLM

https://www.ptc.com/en/support/article/CS358789

Updated January 12, 2022 at 9:17 a.m. EST

Windchill Process Director

Not vulnerable to Log4j CVE2021-44228 vulnerability.

Updated December 21, 2021 at 4:32 p.m.

Windchill Product Analytics

Not vulnerable to Log4j 2.x vulnerabilities CVE-2021-44228 & CVE 2021-45046. Not vulnerable to Log4j 1.x vulnerability CVE-2021-4104.

Updated December 17, 2021 at 4:07 p.m.

Windchill Requirements Connector

https://www.ptc.com/en/support/article/CS358984

Updated December 20, 2021 at 11:37 a.m.

Windchill Risk and Reliability (Formerly Windchill Quality Solutions)

Not vulnerable to Log4j CVE-2021-44228 vulnerability. Refer to CS358831 for impacts related to the PTC License server:

https://www.ptc.com/en/support/article/CS358831

Updated January 14, 2022 at 9:45 a.m.

Windchill RV&S

https://www.ptc.com/en/support/article/CS358804

Updated December 14, 2021 at 11:58 p.m.

X32Plus

Not vulnerable to Log4j CVE2021-44228 vulnerability.

Updated December 15, 2021 at 8:08 p.m.

PTC cloud

In response to the Log4j security vulnerabilities, PTC Cloud fully committed to applying all formally recommended actions to protect against Apache Log4j 2 CVE-2021-44228 and CVE 2021-45046 across all technology vectors supported as part of our Cloud service.

As part of that commitment, we completely aligned with PTC’s various R&D organizations. As applicable and based on the latest published recommendations, we proactively and expeditiously executed required actions to best protect our customers against security threats.

PTC Cloud’s remediation actions can be found in our most recent published articles referenced under Cloud Products and Cloud 3rd Party sections below.

Across all technology platforms supported as part of our Cloud service, PTC Cloud has taken remediation actions to protect against all known critical vulnerabilities.

If you have any questions or concerns, please send your inquires to cloudservicemanagement@ptc.com and we will respond to you as soon as possible.

PTC Core Products





PTC Cloud 3rd Party Products/Tools





Recommended remediation by 3rd party products/tools

If you need to contact PTC, please go to: www.ptc.com/support.

Adobe Experience Manager (AEM)

https://www.ptc.com/en/support/article/CS359116

Updated December 22, 2021 at 9:22 a.m.

Cognos

Refer to the IBM published update page for reported impacts and recommended remediation steps: An update on the Apache Log4j CVE-2021-44228 vulnerability

To address any immediate concerns, Cognos may be turned off until more details are confirmed. Report generation will be disabled until resolved. All other product functionality will remain normal.


Updated December 21, 2021 at 10:28 a.m.

Performance Advisor (Dynatrace App Mon)

https://www.dynatrace.com/news/blog/how-dynatrace-uses-dynatrace-to-combat-the-log4j-vulnerability

Updated: January 13, 2022


Ping Federate

https://www.ptc.com/en/support/article/CS358902

Updated December 14, 2021 at 11:58 p.m.

Solr

Refer to the Apache Solr published advisory for Solr related impacts and recommended remediation steps: Apache Solr affected by Apache Log4J CVE-2021-44228

To address any immediate concerns, Solr may be turned off until more details are confirmed. Index Search will be disabled until resolved. All other product functionality will remain normal.


Updated December 21, 2021 at 4:32 p.m.

TIBCO

Refer to the TIBCO published article for TIBCO reported impacts and recommended remediation steps: Apache Log4J Vulnerability and Impact to TIBCO Products and Services


Updated April 17, 2024 at 2:30 p.m.