SSA-501673 V1.0: Apache Log4j Denial of Service Vulnerability (CVE-2021-45105) - Impact to Siemens Products
Risk Summary
<p>Apache Log4j2 versions 2.0-alpha1 through 2.16.0 contain a vulnerability (CVE-2021-45105) that could allow attackers to cause a denial of service condition in affected applications [1].</p> <p>This advisory informs about the impact of CVE-2021-45105 to Siemens products and the corresponding remediation and mitigation measures. The vulnerability is different from the JNDI lookup vulnerabilities, the impact of which is documented in SSA-661247 [2].</p> <p>Currently, no products vulnerable to CVE-2021-45105 have been identified.</p> <p>Siemens is investigating to determine which products are affected and is continuously updating this advisory as more information becomes available. See section Additional Information for more details regarding the investigation status.</p> <p>[1] <a href="https://logging.apache.org/log4j/2.x/security.html" class="uri">https://logging.apache.org/log4j/2.x/security.html</a></p> <p>[2] <a href="https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"
CVEs (1)
Remediations
- Refer to Siemens ProductCERT advisory for patch and remediation guidance.
Affected Vendors
Affected Products (1)
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more