List of Siemens Products impacted by Log4j vulnerability

It seems almost all the Siemens products are affected by Log4j vulnerability as Siemens uses Java in most of their industrial products. For most of the products no remediation is available and there has been some workarounds and suggested but this might not work well according to the latest update on the Apache Log4j vulnerability. The best way to prevent intrusion is to update your web application firewall rules and block incoming and external traffic to the apps hosted on these servers. (As on Dec15th)

ProductVersionsStatusPatched/Fixed
CapitalAll > 2019.1 SP1912VulnerableNot Patched
Cosmos Desktop AppAll versionsVulnerableNot Patched
Desigo CC Advanced ReportingV4.0, V4.1, V4.2, V5.0, V5.1VulnerableNot Patched
Desigo CC Info CenterV5.0, V5.1VulnerableNot Patched
E-Car OC Cloud ApplicationAll version < Dec13thVulnerableFixed
EnergyIP PrepayV3.7, V3.8VulnerableFixed
GMA-ManagerAll versions > V8.6.2j-398VulnerableNot Patched
HES UDISAll versionsVulnerableNot Patched
Industrial Edge Management AppAll versionsVulnerableNot Patched
Industrial Edge Management OSAll versionsVulnerableNot Patched
Industrial Edge Manangement HubAll versionsVulnerableFixed
LOGO! Soft ComfortAll versionsVulnerableNot Patched
Mendix ApplicationsAll versionsVulnerableNot Patched
Mindsphere Cloud ApplicationAll versions < Dec11thVulnerableFixed
NXAll versionsVulnerableNot Patched
Opcenter IntelligenceAll versions > 3.2VulnerableNot Patched
Operation SchedulerAll versions >= V1.1.3VulnerableNot Patched
SIGUARD DSAV4.2, V4.3, V4.4VulnerableNot Patched
SIMATIC WinCC V7.4All versions < V7.4 SP1VulnerableNot Patched
SiPass integrated V2.80All versionsVulnerableNot Patched
SiPass integrated V2.85All versionsVulnerableNot Patched
Siveillance CommandAll versionsVulnerableNot Patched
Siveillance Control ProAll versionsVulnerableFixed
Siveillance Identity V1.5All versionsVulnerableNot patched
Siveillance Identity V1.6All versionsVulnerableNot patched
Siveillance VantageAll versionsVulnerableNot patched
Solid Edge Wiring Harness DesignAll versions >= 2020 SP2002VulnerableNot patched
Spectrum Power™ 4All versions only with jROSVulnerableFixed
Spectrum Power™ 7All versions < V2.30 with jROSVulnerableFixed
Spectrum Power™ 7All versions >= V2.30 SP2VulnerableFixed
Teamcenter SuiteAll versionsVulnerableNot patched
VeSysAll versionsVulnerableNot patched
Xpedition EDM ClientAll versionsVulnerableNot patched
Xpedition EDM ServerAll versionsVulnerableNot patched
Xpedition Package IntegratorAll versionsVulnerableNot patched
source: https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf

Firewall Mitigation:

If you are using any of the Siemens products above then the best mitigation is put firewall rules that blocks any incoming as well as outgoing connections from the servers and apps that host these apps. (This has been also suggested by Siemens)

Scroll to Top