12/28/2021 3:56 AM | |
Joined: 12/18/2014 Last visit: 1/15/2025 Posts: 34496 Rating: (4306) |
Update from 12-27-2021 |
12/29/2021 4:38 AM | |
Updates from 12-28-2021 |
1/6/2022 3:31 AM | |
Update from 01-05-2022 |
1/18/2022 4:02 AM | |
Update from 01-17-2022 |
1/29/2022 6:10 AM | |
Update from 01-28-2022 |
2/8/2022 2:50 PM | |
Update from 02-07-2022

Other CERT message:

SSA-244969: OpenSSL Vulnerability in Industrial Products
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf>
SSA-301589: Multiple File Parsing Vulnerabilities in Solid Edge, JT2Go and Teamcenter Visualization
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf>
SSA-539476: Siemens SIMATIC NET CP, SINEMA and SCALANCE Products Affected by Vulnerabilities in Third-Party Component strongSwan
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf>
SSA-609880: File Parsing Vulnerabilities in Simcenter Femap before V2022.1
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-609880.pdf>
SSA-654775: Open Redirect Vulnerability in SINEMA Remote Connect Server
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-654775.pdf>
SSA-669737: Improper Access Control Vulnerability in SICAM TOOLBOX II
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-669737.pdf>
SSA-831168: Cross-Site Scripting Vulnerability in Spectrum Power 4
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-831168.pdf>
SSA-838121: Multiple Denial of Service Vulnerabilities in Industrial Products
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-838121.pdf>
SSA-914168: Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-914168.pdf>
SSA-978692: Apache Log4j Vulnerabilities - Impact to Siemens Energy Omnivise Fleet Management
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-978692.pdf>

Additionally, the following advisories / bulletins have just been updated on the Siemens ProductCERT web site [1]:

SSA-100232: Denial-of-Service vulnerability in SCALANCE X Switches
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-100232.pdf>
  * Specifically added that SCALANCE X204RNA devices do not have any fix planned
SSA-102233: SegmentSmack in VxWorks-based Industrial Devices
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-102233.pdf>
  * Added affected products SIMATIC CP 442-1 RNA and SIMATIC CP 443-1 RNA
SSA-211752: Multiple NTP-Client Related Vulnerabilities in SIMATIC CP 443-1 OPC UA
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf>
  * No remediation planned for SIMATIC CP 443-1 OPC UA
SSA-293562: Denial of Service Vulnerabilities in PROFINET DCP Implementation of Industrial Products
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf>
  * No remediation planned for SIMATIC CP 443-1 OPC UA; added more information to the advisory title; no remediation planned for ET200 devices
SSA-307392: Denial of Service in OPC UA in Industrial Products
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf>
  * No remediation planned for SIMATIC CP 443-1 OPC UA
SSA-309571: IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf>
  * Added affected product SINUMERIK ONE NCU 1740
SSA-316383: NumberJack Vulnerability in LOGO! CMR and SIMATIC RTU 3000 devices
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-316383.pdf>
  * Expanded SIMATIC RTU 3000 family to specific individual affected products and added remediation for all the entries
SSA-346262: Denial-of-Service in Industrial Products
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-346262.pdf>
  * Clarified that no remediation is planned for ET200 devices
SSA-349422: Denial-of-Service in Industrial Real-Time (IRT) Devices
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf>
  * Clarified that no remediation is planned for ET200 devices
SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
  * <https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdf>
  * Added an initial set of vulnerabilities for V2.9.4, and the following for V2.9.3: CVE-2021-3997, CVE-2021-3998, CVE-2021-3999, CVE-2021-4157, CVE-2021-22600, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852
SSA-443566: Authentication Bypass in SCALANCE X Switches Families
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf>
  * Specifically added that SCALANCE X204RNA devices do not have any fix planned
SSA-462066: Vulnerability known as TCP SACK PANIC in Industrial Products
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf>
  * Updated solution for SIMATIC CP 1623; Clarified that currently no remediation is planned for SIMATIC CP 442-1 RNA, SIMATIC CP 443-1 RNA, TIM 3V-IE and TIM 4R-IE devices
SSA-473245: Denial-of-Service Vulnerability in Profinet Devices
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf>
  * Clarified that no remediation is planned for ET200 devices
SSA-480230: Denial of service in Webserver of Industrial Products
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf>
  * No remediation planned for SIMATIC CP 343-1 Advanced, SIMATIC CP 443-1 OPC UA, SIMATIC CP 1604, SIMATIC CP 1616, and SIPLUS NET CP 343-1 Advanced
SSA-541018: Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Part 2)
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf>
  * Added solution for SENTRON PAC2200 (with and without MID approval)
SSA-593272: SegmentSmack in Interniche IP-Stack based Industrial Devices
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-593272.pdf>
  * No remediation planned for SIMATIC ET200 devices
SSA-599968: Denial-of-Service Vulnerability in Profinet Devices
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf>
  * Clarified that no remediation is planned for SCALANCE W700 and SCALANCE W1700, SIMATIC CP 1604, SIMATIC CP 1616, and SIMATIC CP 1626
SSA-661247: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf>
  * Added solution for Spectrum Power 4 and 7 (incl. jROS), for Teamcenter Technical Publishing and for Xpedition Enterprise and IC Packaging, versions VX.2.7, VX.2.8, VX.2.10; added additional products considered as not affected
SSA-675303: WIBU Systems CodeMeter Runtime Vulnerabilities in Siemens Products
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf>
  * Added solution for SINEC INS
SSA-714170: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to SPPA-T3000
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf>
  * Revised severity of CVE-2021-45046; added specific document title provided in Siemens Energy customer portal
SSA-772220: OpenSSL Vulnerabilities in Industrial Products
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf>
  * Added solution for SCALANCE LPE9403; clarified that no remediation is planned for SCALANCE W-1700 IEEE 802.11ac family; added RUGGEDCOM CROSSBOW Station Access Controller as affected product; fixed affected versions for SINEC NMS
SSA-780073: Denial of Service Vulnerability in PROFINET Devices via DCE-RPC Packets
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf>
  * No remediation planned for SIMATIC CP 343-1 (incl. Advanced, ERPC, Lean and related SIPLUS variants), SIMATIC CP 443-1 OPC UA, SIMATIC ET200 devices, and SOFTNET-IE PNIO
SSA-840188: Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdf>
  * Added solution for SIMATIC WinCC V16 and V17 and adjusted solution for SIMATIC PCS 7 V9.1
SSA-913875: Frame Aggregation and Fragmentation Vulnerabilities in 802.11
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf>
  * Added solution for SCALANCE W-700 IEEE 802.11ax family, updated name and split into individual products the SCALANCE W-700 and SCALANCE W-1700 families and clarified that no remediation is planned for SCALANCE W-700 IEEE 802.11n and SCALANCE W-1700 families
SSA-978220: Denial of Service Vulnerability over SNMP in Multiple Industrial Products
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf>
  * No remediation planned for SIMATIC CP 443-1 OPC UA, SIMATIC CP 343-1 Advanced, SIPLUS NET CP 343-1 Advanced
SSA-995338: Multiple Vulnerabilities in COMOS Web
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-995338.pdf>
  * Added CVE-2021-37194 and Updated Affected Products
3/8/2022 2:28 PM | |
Update from 03/08/2022

Other CERT messages:

Ladies and Gentlemen,

for your information: The following new advisories/bulletins have just been published on the Siemens ProductCERT web site [1]:

SSA-134279: Vulnerability in Mendix Forgot Password Appstore module
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-134279.pdf>
SSA-148641: XPath Constraint Vulnerability in Mendix Runtime
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-148641.pdf>
SSA-155599: File Parsing Vulnerabilities in COMOS
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf>
SSA-166747: Scene File Parsing Vulnerability in Simcenter STAR-CCM+ Viewer before V2022.1
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-166747.pdf>
SSA-223353: Multiple Vulnerabilities in Nucleus RTOS based SIMOTICS CONNECT 400
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf>
SSA-250085: Multiple Vulnerabilities in SINEC NMS
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-250085.pdf>
SSA-252466: Multiple Vulnerabilities in Climatix POL909 (AWM and AWB)
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-252466.pdf>
SSA-256353: Third-Party Component Vulnerabilities in RUGGEDCOM ROS
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf>
SSA-337210: Privilege Escalation Vulnerability in SINUMERIK MC
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-337210.pdf>
SSA-389290: Third-Party Component Vulnerabilities in SINEC INS
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf>
SSA-406691: Buffer Vulnerabilities in DHCP function of RUGGEDCOM ROX products
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf>
SSA-415938: Improper Access Control Vulnerability in Mendix
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-415938.pdf>
SSA-562051: Cross-Site Scripting Vulnerability in Polarion ALM
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-562051.pdf>
SSA-594438: Remote Code Execution and Denial-of-Service Vulnerability in multiple RUGGEDCOM ROX products
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-594438.pdf>
SSA-764417: Multiple Vulnerabilities in RUGGEDCOM Devices
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-764417.pdf>

Additionally, the following advisories / bulletins have just been updated on the Siemens ProductCERT web site [1]:

SSA-244969: OpenSSL Vulnerability in Industrial Products
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf>
  * Added solution for SINUMERIK Operate; Added Industrial Edge products
SSA-301589: Multiple File Parsing Vulnerabilities in Solid Edge, JT2Go and Teamcenter Visualization
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf>
  * Added remediation for Teamcenter Visualization version lines V12.4 and V13.3
SSA-306654: Insyde BIOS Vulnerabilities in Siemens Industrial Products
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf>
  * Corrected AV:L for all CVEs, added RUGGEDCOM APE1808 and SIMATIC IPC477E PRO
SSA-309571: IPU 2021.1 Vulnerabilities in Siemens Industrial Products using Intel CPUs (June 2021)
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf>
  * Added mitigation; clarified no remediation planned for SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP; added solution for SIMATIC IPC127E and SIMATIC ET 200SP Open Controller CPU 1515SP PC2
SSB-439005: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP
  * <https://cert-portal.siemens.com/productcert/pdf/ssb-439005.pdf>
  * Added CVE-2022-23308, CVE-2022-24407, CVE-2022-24448, CVE-2022-25235
SSA-462066: Vulnerability known as TCP SACK PANIC in Industrial Products
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf>
  * Readded SCALANCE S615 to the list of affected products
SSA-501073: Vulnerabilities in Controllers CPU 1518 MFP using Intel CPUs (November 2020)
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-501073.pdf>
  * Updated specific mitigations; clarified that no remediation is planned
SSA-534763: Special Register Buffer Data Sampling (SRBDS) aka Crosstalk in Industrial Products
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdf>
  * Added solution for SIMATIC IPC3000 SMART V2 and clarified that no further fixes are planned
SSA-541018: Embedded TCP/IP Stack Vulnerabilities (AMNESIA:33) in SENTRON PAC / 3VA Devices (Part 2)
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-541018.pdf>
  * Added download link of update version for SENTRON PAC2200
SSA-669158: DNS Client Vulnerabilities in SIMOTICS CONNECT 400
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf>
  * Added solution for CVE-2021-25677
SSA-669737: Improper Access Control Vulnerability in SICAM TOOLBOX II
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-669737.pdf>
  * Updated Acknowledgments; Improved Mitigation Description
SSA-678983: Vulnerabilities in Industrial PCs and CNC devices using Intel CPUs (November 2020)
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf>
  * Added solution for SIMATIC ET 200SP Open Controller CPU 1515SP PC2
SSA-703715: Information Disclosure Vulnerability in Climatix POL909 (AWM and AWB)
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-703715.pdf>
  * Added product: Climatix POL909 (AWB module)
SSA-838121: Multiple Denial of Service Vulnerabilities in Industrial Products
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-838121.pdf>
  * Added solution for SIMATIC S7-PLCSIM Advanced
SSA-840188: Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products
  * <https://cert-portal.siemens.com/productcert/pdf/ssa-840188.pdf>
  * Added Mitigation to CVE-2021-40358