Kepware Apache log4j vulnerability - Incident Response
Applies To
- KEPServerEX 5.20.396.0 to 6.15
- ThingWorx Kepware Server 6.8 to 6.15
- LinkMaster 3.0.70.0 to 3.0.99.0
- RedundancyMaster 2.0.47.0 to 2.0.128.0
- ThingWorx Kepware Edge 1.0 to 1.3
Description
- Customer alert and recommendations for remediation of the identified Apache log4j 2.x vulnerabilities CVE-2021-44228 and CVE-2021-45046.
- This vulnerability is in a third-party library that PTC Software uses for logging application errors, events, and associated information.
- If exploited, the vulnerability allows remote and potentially malicious code execution in your environments.
- Regarding CVE-2021-4041 for Apache Log4j 1.x, there is no impact on PTC Kepware products.