Sign in to follow this  
Followers 0
BobLfoot

Apache Log4J

Started by BobLfoot,

2 posts in this topic

Posted

IT will be making more and more news that the Apache Logging Unit - LogShell ot Log4J2 has a major remote access vulnerability.  This is a widely used subsystem and so I am posting what I've been able to garner about affected automation products here and hope others post factual not anecdotal evidence here as well.

Aveva Wonderware - https://wonderwarenorth.com/tech-alerts/Tech%20Alert%20-%20Apache%20Log4j.pdf

Rockwell Automation - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605/loc/en_US#__highlight

GE Proficy - https://digitalsupport.ge.com/communities/servlet/fileField?retURL=%2Fcommunities%2Fapex%2FKnowledgeDetail%3Fid%3DkA28a000000bzlgCAA%26lang%3Den_US%26Type%3DArticle__kav&entityId=ka28a000000c3DPAAY&field=File_1__Body__s

Share this post

Link to post
Share on other sites

Posted

The Ignition SCADA platform from Inductive Automation is completely unaffected:

https://forum.inductiveautomation.com/t/apache-log4j-vulnerability-cve-2021-44228/54050

Most third-party plug-in providers have announced that their modules are unaffected (like mine).

(The Ignition SDK for third parties provides logging through their infrastructure, so it would have to be a particularly brain-dead developer involved.)

1 person likes this

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Computer Help and Networking