List of Siemens Products impacted by Log4j vulnerability

It seems almost all Siemens products are affected by the Log4j vulnerability, as Siemens uses Java in most of its industrial products. For most of the products no remediation is available. Some workarounds have been suggested, but these might not work well according to the latest update on the Apache Log4j vulnerability. The best way to prevent intrusion is to update your web application firewall rules and block incoming and external traffic to the apps hosted on these servers. (As of Dec 15th)


| Product | Versions | Status | Patched/Fixed |
|---|---|---|---|
| Capital | All > 2019.1 SP1912 | Vulnerable | Not Patched |
| Cosmos Desktop App | All versions | Vulnerable | Not Patched |
| Desigo CC Advanced Reporting | V4.0, V4.1, V4.2, V5.0, V5.1 | Vulnerable | Not Patched |
| Desigo CC Info Center | V5.0, V5.1 | Vulnerable | Not Patched |
| E-Car OC Cloud Application | All versions < Dec 13th | Vulnerable | Fixed |
| EnergyIP Prepay | V3.7, V3.8 | Vulnerable | Fixed |
| GMA-Manager | All versions > V8.6.2j-398 | Vulnerable | Not Patched |
| HES UDIS | All versions | Vulnerable | Not Patched |
| Industrial Edge Management App | All versions | Vulnerable | Not Patched |
| Industrial Edge Management OS | All versions | Vulnerable | Not Patched |
| Industrial Edge Management Hub | All versions | Vulnerable | Fixed |
| LOGO! Soft Comfort | All versions | Vulnerable | Not Patched |
| Mendix Applications | All versions | Vulnerable | Not Patched |
| Mindsphere Cloud Application | All versions < Dec 11th | Vulnerable | Fixed |
| NX | All versions | Vulnerable | Not Patched |
| Opcenter Intelligence | All versions > 3.2 | Vulnerable | Not Patched |
| Operation Scheduler | All versions >= V1.1.3 | Vulnerable | Not Patched |
| SIGUARD DSA | V4.2, V4.3, V4.4 | Vulnerable | Not Patched |
| SIMATIC WinCC V7.4 | All versions < V7.4 SP1 | Vulnerable | Not Patched |
| SiPass integrated V2.80 | All versions | Vulnerable | Not Patched |
| SiPass integrated V2.85 | All versions | Vulnerable | Not Patched |
| Siveillance Command | All versions | Vulnerable | Not Patched |
| Siveillance Control Pro | All versions | Vulnerable | Fixed |
| Siveillance Identity V1.5 | All versions | Vulnerable | Not Patched |
| Siveillance Identity V1.6 | All versions | Vulnerable | Not Patched |
| Siveillance Vantage | All versions | Vulnerable | Not Patched |
| Solid Edge Wiring Harness Design | All versions >= 2020 SP2002 | Vulnerable | Not Patched |
| Spectrum Power™ 4 | All versions only with jROS | Vulnerable | Fixed |
| Spectrum Power™ 7 | All versions < V2.30 with jROS | Vulnerable | Fixed |
| Spectrum Power™ 7 | All versions >= V2.30 SP2 | Vulnerable | Fixed |
| Teamcenter Suite | All versions | Vulnerable | Not Patched |
| VeSys | All versions | Vulnerable | Not Patched |
| Xpedition EDM Client | All versions | Vulnerable | Not Patched |
| Xpedition EDM Server | All versions | Vulnerable | Not Patched |
| Xpedition Package Integrator | All versions | Vulnerable | Not Patched |

Source: https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf

Firewall Mitigation:

If you are using any of the Siemens products above, the best mitigation is to put in place firewall rules that block any incoming as well as outgoing connections from the servers that host these apps. (This has also been suggested by Siemens.)


Shan

I am a Technical Architect who dabbles with different languages and technologies
