Article - CS358996
Kepware Apache log4j vulnerability - Incident Response
Modified: 01-Feb-2022
Applies To
- KEPServerEX 5.20.396.0 N/A to 6.10.659.0
- ThingWorx Kepware Server 6.8.875.0 to 6.10.659.0
- LinkMaster 3.0.70.0 N/A to 3.0.99.0 N/A
- RedundancyMaster 2.0.47.0 N/A to 2.0.128.0 N/A
- ThingWorx Kepware Edge 1.0.501.0 to 1.3.1285.0
Description
-
Customer alert and recommendations for remediation of the Apache log4j 2.x identified vulnerabilities CVE-2021-44228 and CVE 2021-45046.
-
This vulnerability is in a third-party library that PTC Software uses for logging application errors, events, and associated information.
-
The vulnerability if exploited allows for remote and potentially malicious code execution on your environments.
-
Regarding CVE-2021-4041 for Apache Log4j 1.x, there is no impact on PTC Kepware products
This is a PDF version of Article 358996 and may be out of date. For the latest version click https://www.ptc.com/en/support/article/CS358996