Article - CS358996

Kepware Apache log4j vulnerability - Incident Response

Modified: 28-Mar-2024   


Applies To

  • KEPServerEX 5.20.396.0 to 6.15
  • ThingWorx Kepware Server 6.8 to 6.15
  • LinkMaster 3.0.70.0 to 3.0.99.0
  • RedundancyMaster 2.0.47.0 to 2.0.128.0
  • ThingWorx Kepware Edge 1.0 to 1.3

Description

  • Customer alert and recommendations for remediation of the identified Apache log4j 2.x vulnerabilities CVE-2021-44228 and CVE-2021-45046.

  • This vulnerability is in a third-party library that PTC Software uses for logging application errors, events, and associated information.

  • The vulnerability, if exploited, allows remote and potentially malicious code execution in your environments.

  • Regarding CVE-2021-4041 for Apache Log4j 1.x, there is no impact on PTC Kepware products.
