December 2021
22.12.2021
BOSCH PSIRT
Log4j Vulnerabilities - Impact on PRAESENSA Advanced Public Address Server (PRA-APAS)
Title
Log4j Vulnerabilities - Impact on PRAESENSA Advanced Public Address Server (PRA-APAS)
Published
Dec. 22, 2021, 1 a.m.
URL
https://psirt.bosch.com/security-advisories/bosch-sa-993110-bt.html
Summary

BOSCH-SA-993110-BT: The 1.0.31 software version of the PRAESENSA Advanced Public Address Server (PRA-APAS) contains version 2.10.0 of the Apache Log4j logging service. Recently Apache has warned that this Log4j version contains multiple vulnerabilities, including the Log4Shell vulnerability (CVE-2021-44228).This Log4Shell vulnerability allows remote code execution by sending a specifically crafted log ...

22.12.2021
SIEMENS CERT
SSA-661247 V1.8 (Last Update: 2021-12-22): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...
Title
SSA-661247 V1.8 (Last Update: 2021-12-22): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
Published
Dec. 22, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
Summary
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
21.12.2021
US CERT (ICS)
Fresenius Kabi Agilia Connect Infusion System
Title
Fresenius Kabi Agilia Connect Infusion System
Published
Dec. 21, 2021, 4:25 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsma-21-355-01
Summary
This advisory contains mitigations for several vulnerabilities in the Fresenius Kabi Agilia Connect Infusion System.
21.12.2021
US CERT (ICS)
mySCADA myPRO
Title
mySCADA myPRO
Published
Dec. 21, 2021, 4:20 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-355-01
Summary
This advisory contains mitigations for Authentication Bypass Using an Alternate Path or Channel, Use of Password Hash with Insufficient Computational Effort, Hidden Functionality, and OS Command Injection vulnerabilities in the mySCADA myPRO HMI/SCADA system.
21.12.2021
US CERT (ICS)
Horner Automation Cscape EnvisionRV
Title
Horner Automation Cscape EnvisionRV
Published
Dec. 21, 2021, 4:15 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-355-02
Summary
This advisory contains mitigations for an Improper Input Validation vulnerability in Horner Automation Cscape EnvisionRV industrial remote viewing software.
21.12.2021
US CERT (ICS)
Schneider Electric Rack PDU (Update A)
Title
Schneider Electric Rack PDU (Update A)
Published
Dec. 21, 2021, 4 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-348-02
Summary
This updated advisory is a follow-up to the original advisory titled ICSA-21-348-02 Schneider Electric Rack PDU that was published December 14, 2021, to the ICS webpage on www.cisa.gov/uscert. This advisory contains mitigations for an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Schneider Electric Rack Power Distribution Unit ...
21.12.2021
BOSCH PSIRT
Apache Log4j Vulnerabilities - Impact on Bosch Rexroth Products
Title
Apache Log4j Vulnerabilities - Impact on Bosch Rexroth Products
Published
Dec. 21, 2021, 1 a.m.
URL
https://psirt.bosch.com/security-advisories/bosch-sa-572602.html
Summary

BOSCH-SA-572602: The Apache Software Foundation has published information about a vulnerability in the Java logging framework *log4j*, which allows an attacker to execute arbitrary code loaded from LDAP or JNDI related endpoints which are under control of the attacker. \[1\]Additionally, a further vulnerability might allow an attacker to cause a ...

21.12.2021
SIEMENS CERT
SSA-661247 V1.7 (Last Update: 2021-12-21): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...
Title
SSA-661247 V1.7 (Last Update: 2021-12-21): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
Published
Dec. 21, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
Summary
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
21.12.2021
SIEMENS CERT
SSA-479842 V1.0: Apache Log4j Vulnerabilities - Impact to Siemens Energy Sensformer (Platform, Basic and Advanced)
Title
SSA-479842 V1.0: Apache Log4j Vulnerabilities - Impact to Siemens Energy Sensformer (Platform, Basic and Advanced)
Published
Dec. 21, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf
Summary
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
20.12.2021
SIEMENS CERT
SSA-397453 V1.0: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Energy TraceAlert...
Title
SSA-397453 V1.0: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Energy TraceAlertServerPLUS
Published
Dec. 20, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf
Summary
On 2021-12-09, a vulnerability in Apache Log4j (a logging library used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
20.12.2021
SIEMENS CERT
SSA-661247 V1.6 (Last Update: 2021-12-20): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...
Title
SSA-661247 V1.6 (Last Update: 2021-12-20): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
Published
Dec. 20, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
Summary
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
19.12.2021
SIEMENS CERT
SSA-501673 V1.0: Apache Log4j Denial of Service Vulnerability (CVE-2021-45105) - Impact to Siemens Products
Title
SSA-501673 V1.0: Apache Log4j Denial of Service Vulnerability (CVE-2021-45105) - Impact to Siemens Products
Published
Dec. 19, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf
Summary
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 contain a vulnerability (CVE-2021-45105) that could allow attackers to cause a denial of service condition in affected applications [1]. This advisory informs about the impact of CVE-2021-45105 to Siemens products and the corresponding remediation and mitigation measures. The vulnerability is different from the JNDI ...
19.12.2021
SIEMENS CERT
SSA-661247 V1.5 (Last Update: 2021-12-19): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...
Title
SSA-661247 V1.5 (Last Update: 2021-12-19): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
Published
Dec. 19, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
Summary
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
18.12.2021
SIEMENS CERT
SSA-661247 V1.4 (Last Update: 2021-12-18): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...
Title
SSA-661247 V1.4 (Last Update: 2021-12-18): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
Published
Dec. 18, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
Summary
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
17.12.2021
US CERT (ICS)
Siemens SINUMERIK Edge
Title
Siemens SINUMERIK Edge
Published
Dec. 17, 2021, 4:36 a.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-350-09
Summary
This advisory contains mitigations for an Improper Certificate Validation vulnerability in the Siemens SINUMERIK Edge hardware and software digital production support and optimization platform.
17.12.2021
SIEMENS CERT
SSA-661247 V1.3 (Last Update: 2021-12-17): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...
Title
SSA-661247 V1.3 (Last Update: 2021-12-17): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
Published
Dec. 17, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
Summary
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
16.12.2021
US CERT (ICS)
Xylem AquaView
Title
Xylem AquaView
Published
Dec. 16, 2021, 4:52 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-350-01
Summary
This advisory contains mitigations for a Use of Hard-coded Credentials vulnerability in the Xylem AquaView SCADA system.
16.12.2021
US CERT (ICS)
Wibu-Systems CodeMeter Runtime
Title
Wibu-Systems CodeMeter Runtime
Published
Dec. 16, 2021, 4:48 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-350-03
Summary
This advisory contains mitigations for an Improper Privilege Management vulnerability in the Wibu-Systems CodeMeter Runtime server.
16.12.2021
US CERT (ICS)
Mitsubishi Electric GX Works2
Title
Mitsubishi Electric GX Works2
Published
Dec. 16, 2021, 4:46 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-350-04
Summary
This advisory contains mitigations for an Improper Handling of Length Parameter Inconsistency vulnerability in #Mitsubishi Electric's GX Works2 engineering software.
16.12.2021
US CERT (ICS)
Mitsubishi Electric FA Engineering Software
Title
Mitsubishi Electric FA Engineering Software
Published
Dec. 16, 2021, 4:44 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-350-05
Summary
This advisory contains mitigations for Out-of-bounds Read, and Integer Underflow vulnerabilities in Mitsubishi Electric's FA Engineering Software engineering software.
16.12.2021
US CERT (ICS)
Siemens Capital VSTAR
Title
Siemens Capital VSTAR
Published
Dec. 16, 2021, 4:42 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-350-06
Summary
This advisory contains mitigations for a several vulnerabilities in Siemens Capital VSTAR software platform products using Nucleus NET, the networking stack of Nucleus RTOS (real-time operating system).
16.12.2021
US CERT (ICS)
Siemens POWER METER SICAM Q100
Title
Siemens POWER METER SICAM Q100
Published
Dec. 16, 2021, 4:40 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-350-07
Summary
This advisory contains mitigations for a Stack-based Buffer Overflow vulnerability in the Siemens POWER METER SICAM Q100 power monitoring device.
16.12.2021
US CERT (ICS)
Siemens JTTK and JT Utilities
Title
Siemens JTTK and JT Utilities
Published
Dec. 16, 2021, 4:38 p.m.
URL
https://us-cert.cisa.gov/ics/advisories/icsa-21-350-08
Summary
This advisory contains mitigations for Out-of-bounds Write, Use after Free, Out-of-bounds Read vulnerability in in the Siemens JTTK programming interface, and JT Utilities series of command line utilities.
16.12.2021
SIEMENS CERT
SSA-661247 V1.2 (Last Update: 2021-12-16): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to...
Title
SSA-661247 V1.2 (Last Update: 2021-12-16): Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Products
Published
Dec. 16, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
Summary
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...
16.12.2021
SIEMENS CERT
SSA-714170 V1.0: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to SPPA-T3000
Title
SSA-714170 V1.0: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to SPPA-T3000
Published
Dec. 16, 2021, 1 a.m.
URL
https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf
Summary
On 2021-12-09, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as “Log4Shell”. On 2021-12-14 an additional denial of service vulnerability (CVE-2021-45046) ...

Last Updates

BOSCH PSIRT
21.08.2024
SIEMENS CERT
12.09.2024
US CERT
19.09.2024
US CERT (ICS)
19.09.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds