Kepware Apache log4j vulnerability - Incident Response
- KEPServerEX 5.20.396.0 N/A to 6.10.659.0
- ThingWorx Kepware Server 6.8.875.0 to 6.10.659.0
- LinkMaster 184.108.40.206 N/A to 220.127.116.11 N/A
- RedundancyMaster 18.104.22.168 N/A to 22.214.171.124 N/A
- ThingWorx Kepware Edge 1.0.501.0 to 1.3.1285.0
Customer alert and recommendations for remediation of the Apache log4j 2.x identified vulnerabilities CVE-2021-44228 and CVE 2021-45046.
This vulnerability is in a third-party library that PTC Software uses for logging application errors, events, and associated information.
The vulnerability if exploited allows for remote and potentially malicious code execution on your environments.
Regarding CVE-2021-4041 for Apache Log4j 1.x, there is no impact on PTC Kepware products