Kepware Apache log4j vulnerability - Incident Response
- RedundancyMaster 188.8.131.52 N/A to 184.108.40.206 N/A
- ThingWorx Kepware Edge 1.0.501.0 to 1.3.1285.0
- LinkMaster 220.127.116.11 N/A to 18.104.22.168 N/A
- KEPServerEX 5.20.396.0 N/A to 6.10.659.0
- ThingWorx Kepware Server 6.8.875.0 to 6.10.659.0
Customer alert and recommendations for remediation of the Apache log4j 2.x identified vulnerabilities CVE-2021-44228 and CVE 2021-45046.
This vulnerability is in a third-party library that PTC Software uses for logging application errors, events, and associated information.
The vulnerability if exploited allows for remote and potentially malicious code execution on your environments.
Regarding CVE-2021-4041 for Apache Log4j 1.x, there is no impact on PTC Kepware products