← Back to home
SIEMENS-SSA-784507  ·  Published 2021-12-28  ·  View on Siemens ProductCERT ↗

SSA-784507 V1.0: Apache Log4j Vulnerability (CVE-2021-44832) via JDBC Appender - Impact to Siemens Products

CVSS 6.6 MEDIUM

Risk Summary

<p>Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) contain a vulnerability (CVE-2021-44832) that could allow an attacker with permission to modify the logging configuration file to execute arbitrary code, when the JDBC Appender is used [1].</p> <p>This advisory informs about the impact of CVE-2021-44832 to Siemens products and the corresponding remediation and mitigation measures. The vulnerability is different from other JNDI lookup vulnerabilities, the impact of which is documented in SSA-661247 [2].</p> <p>Currently, no products vulnerable to CVE-2021-44832 have been identified.</p> <p>Siemens is investigating to determine which products are affected and is continuously updating this advisory as more information becomes available. See section Additional Information for more details regarding the investigation status.</p> <p>[1] <a href="https://logging.apache.org/log4j/2.x/security.html" class="uri">https://logging.apache.org/log4j/

CVEs (1)

Remediations

  • Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-784507 V1.0: Apache Log4j Vulnerability (CVE-2021-44832) via JDBC Appender - Impact to Siemens Products See advisory

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more