Article - CS358996

Kepware Apache log4j vulnerability - Incident Response

Modified: 01-Feb-2022   


Applies To

  • RedundancyMaster 2.0.47.0 N/A to 2.0.128.0 N/A
  • ThingWorx Kepware Edge 1.0.501.0 to 1.3.1285.0
  • LinkMaster 3.0.70.0 N/A to 3.0.99.0 N/A
  • KEPServerEX 5.20.396.0 N/A to 6.10.659.0
  • ThingWorx Kepware Server 6.8.875.0 to 6.10.659.0

Description

  • Customer alert and recommendations for remediation of the identified Apache log4j 2.x vulnerabilities CVE-2021-44228 and CVE-2021-45046.

  • This vulnerability is in a third-party library that PTC Software uses for logging application errors, events, and associated information.

  • If exploited, the vulnerability allows remote and potentially malicious code execution in your environments.

  • Regarding CVE-2021-4041 for Apache Log4j 1.x, there is no impact on PTC Kepware products.
