Posted 17 Dec 2021 IT will be making more and more news that the Apache Logging Unit - LogShell ot Log4J2 has a major remote access vulnerability. This is a widely used subsystem and so I am posting what I've been able to garner about affected automation products here and hope others post factual not anecdotal evidence here as well. Aveva Wonderware - https://wonderwarenorth.com/tech-alerts/Tech%20Alert%20-%20Apache%20Log4j.pdf Rockwell Automation - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605/loc/en_US#__highlight GE Proficy - https://digitalsupport.ge.com/communities/servlet/fileField?retURL=%2Fcommunities%2Fapex%2FKnowledgeDetail%3Fid%3DkA28a000000bzlgCAA%26lang%3Den_US%26Type%3DArticle__kav&entityId=ka28a000000c3DPAAY&field=File_1__Body__s Share this post Link to post Share on other sites
Posted 18 Dec 2021 The Ignition SCADA platform from Inductive Automation is completely unaffected: https://forum.inductiveautomation.com/t/apache-log4j-vulnerability-cve-2021-44228/54050 Most third-party plug-in providers have announced that their modules are unaffected (like mine). (The Ignition SDK for third parties provides logging through their infrastructure, so it would have to be a particularly brain-dead developer involved.) 1 person likes this Share this post Link to post Share on other sites