From 287f2682b4d0180009b13454da6df45fc77545cb Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 20 Dec 2021 09:07:50 -0500 Subject: [PATCH 1/8] Add ED 22-02 link --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 4380ef5..ecc455f 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,7 @@ or imply their endorsement, recommendation, or favoring by CISA. ## Official CISA Guidance & Resources ## +- [Emergency Directive 22-02 Mitigate Apache Log4j Vulnerability](https://www.cisa.gov/emergency-directive-22-02) - [CISA Apache Log4j Vulnerability Guidance](https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance) - [Statement from CISA Director Easterly on “Log4j” Vulnerability](https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability). From 38bd5478d07c55f98d460b34db38dea6b4dd40f2 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 20 Dec 2021 09:11:39 -0500 Subject: [PATCH 2/8] Add CA for ED 22-02 --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index ecc455f..8400390 100644 --- a/README.md +++ b/README.md @@ -18,12 +18,13 @@ or imply their endorsement, recommendation, or favoring by CISA. ## Official CISA Guidance & Resources ## -- [Emergency Directive 22-02 Mitigate Apache Log4j Vulnerability](https://www.cisa.gov/emergency-directive-22-02) - [CISA Apache Log4j Vulnerability Guidance](https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance) +- [Emergency Directive 22-02 Mitigate Apache Log4j Vulnerability](https://www.cisa.gov/emergency-directive-22-02) - [Statement from CISA Director Easterly on “Log4j” Vulnerability](https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability). ## CISA Current Activity Alerts ## +- [CISA Issues ED 22-02 Directing Federal Agencies to Mitigate Apache Log4j Vulnerabilities](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/17/cisa-issues-ed-22-02-directing-federal-agencies-mitigate-apache) - [Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce) - [CISA Creates Webpage for Apache Log4j Vulnerability CVE-2021-44228](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/13/cisa-creates-webpage-apache-log4j-vulnerability-cve-2021-44228) From dec5c0628dd21ab8def322dd91018b139e5a2774 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 20 Dec 2021 09:13:52 -0500 Subject: [PATCH 3/8] Add link to webpage at top --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 8400390..6746502 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ # CISA Log4j (CVE-2021-44228) Vulnerability Guidance # -This repository provides CISA's guidance and an overview of related software -regarding the Log4j vulnerability (CVE-2021-44228). CISA encourages users and -administrators to review the +This repository provides [CISA's guidance](https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance) +and an overview of related software regarding the Log4j vulnerability +(CVE-2021-44228). CISA encourages users and administrators to review the [official Apache release](https://logging.apache.org/log4j/2.x/security.html) and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately. From 7189127278ed0b2bd1ef378c5809a5842294f622 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 20 Dec 2021 09:15:00 -0500 Subject: [PATCH 4/8] Fix whitespace --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6746502..a9b4c28 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # CISA Log4j (CVE-2021-44228) Vulnerability Guidance # -This repository provides [CISA's guidance](https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance) +This repository provides [CISA's guidance](https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance) and an overview of related software regarding the Log4j vulnerability (CVE-2021-44228). CISA encourages users and administrators to review the [official Apache release](https://logging.apache.org/log4j/2.x/security.html) From 062170d35d794bfbdf318f2b5d20f0fc020a7078 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 20 Dec 2021 09:23:16 -0500 Subject: [PATCH 5/8] Fix spacing isssues --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a9b4c28..9bf694b 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,8 @@ # CISA Log4j (CVE-2021-44228) Vulnerability Guidance # -This repository provides [CISA's guidance](https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance) -and an overview of related software regarding the Log4j vulnerability +This repository provides +[CISA's guidance](https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance) +and an overview of related software regarding the Log4j vulnerability (CVE-2021-44228). CISA encourages users and administrators to review the [official Apache release](https://logging.apache.org/log4j/2.x/security.html) and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately. From 689ea7c8fe5d764910f0e29316dba89f31ad3d9c Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 20 Dec 2021 09:27:20 -0500 Subject: [PATCH 6/8] Fix Formatting --- README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 9bf694b..405b3af 100644 --- a/README.md +++ b/README.md @@ -2016,14 +2016,14 @@ Apache|Camel|3.14.1.3.11.5,3.7.7|Affected|Yes|[APACHE CAMEL AND CVE-2021-44228 ( | Thales | Multiple products | | | | [Thales Support](https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297) | | | | | The Access Group | | | | | [The Access Group Response](https://pages.theaccessgroup.com/Response-Log4J-Dec21.html) | | | | | ThreatLocker | | | | | [ThreatLocker Log4j Statement](https://threatlocker.kb.help/log4j-vulnerability/) | | | | -|ThycoticCentrify|Secret Server|N/A|Not Affected||[ThycoticCentrify Products NOT Affected by CVE-2021-44228 Exploit](https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md)|||12/10/15| -|ThycoticCentrify|Privilege Manager|N/A|Not Affected||[ThycoticCentrify Products NOT Affected by CVE-2021-44228 Exploit](https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md)|||12/10/15| -|ThycoticCentrify|Account Lifecycle Manager|N/A|Not Affected||[ThycoticCentrify Products NOT Affected by CVE-2021-44228 Exploit](https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md)|||12/10/15| -|ThycoticCentrify|Privileged Behavior Analytics|N/A|Not Affected||[ThycoticCentrify Products NOT Affected by CVE-2021-44228 Exploit](https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md)|||12/10/15| -|ThycoticCentrify|DevOps Secrets Vault|N/A|Not Affected||[ThycoticCentrify Products NOT Affected by CVE-2021-44228 Exploit](https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md)|||12/10/15| -|ThycoticCentrify|Connection Manager|N/A|Not Affected||[ThycoticCentrify Products NOT Affected by CVE-2021-44228 Exploit](https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md)|||12/10/15| -|ThycoticCentrify|Password Reset Server|N/A|Not Affected||[ThycoticCentrify Products NOT Affected by CVE-2021-44228 Exploit](https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md)|||12/10/15| -|ThycoticCentrify|Cloud Suite|N/A|Not Affected||[ThycoticCentrify Products NOT Affected by CVE-2021-44228 Exploit](https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md)|||12/10/15| +| ThycoticCentrify | Secret Server | N/A | Not Affected | |[ThycoticCentrify Products NOT Affected by CVE-2021-44228 Exploit](https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md) | | | 12/10/15 | +| ThycoticCentrify | Privilege Manager | N/A | Not Affected || [ThycoticCentrify Products NOT Affected by CVE-2021-44228 Exploit](https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md) | | | 12/10/15 | +| ThycoticCentrify | Account Lifecycle Manager | N/A | Not Affected | | [ThycoticCentrify Products NOT Affected by CVE-2021-44228 Exploit](https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md) | | | 12/10/15 | +| ThycoticCentrify | Privileged Behavior Analytics | N/A | Not Affected | | [ThycoticCentrify Products NOT Affected by CVE-2021-44228 Exploit](https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md) | | | 12/10/15 | +| ThycoticCentrify | DevOps Secrets Vault | N/A | Not Affected | | [ThycoticCentrify Products NOT Affected by CVE-2021-44228 Exploit](https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md) | | | 12/10/15 | +| ThycoticCentrify | Connection Manager | N/A | Not Affected | | [ThycoticCentrify Products NOT Affected by CVE-2021-44228 Exploit](https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md) | | | 12/10/15 | +| ThycoticCentrify | Password Reset Server | N/A | Not Affected | | [ThycoticCentrify Products NOT Affected by CVE-2021-44228 Exploit](https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md) | | | 12/10/15 | +| ThycoticCentrify | Cloud Suite | N/A | Not Affected | | [ThycoticCentrify Products NOT Affected by CVE-2021-44228 Exploit](https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md) | | | 12/10/15 | | Tibco | | | | | [Tibco Support Link](https://www.tibco.com/support/notices/2021/12/apache-log4j-vulnerability-update) | | | | | Top Gun Technology (TGT) | | | | | [TGT Bulletin](https://www.topgun-tech.com/technical-bulletin-apache-software-log4j-security-vulnerability-cve-2021-44228/) | | | | | TopDesk | | | | | [TopDesk Statement](https://my.topdesk.com/tas/public/ssp/content/detail/knowledgeitem?unid=74952771dfab4b0794292e63b0409314) | | | | From fe9e926cb20471ece8d15deccc9ee7108834c82a Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 20 Dec 2021 10:51:15 -0500 Subject: [PATCH 7/8] Fix version # for update --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 405b3af..a71346b 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ This repository provides and an overview of related software regarding the Log4j vulnerability (CVE-2021-44228). CISA encourages users and administrators to review the [official Apache release](https://logging.apache.org/log4j/2.x/security.html) -and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately. +and upgrade to Log4j 2.17.0 or apply the recommended mitigations immediately. The information in this repository is provided "as is" for informational purposes only and is being assembled and updated by CISA through From 43742da72c62aceb39c0261f1f53bcfafde4ca06 Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Mon, 20 Dec 2021 11:46:36 -0700 Subject: [PATCH 8/8] Update README.md Added Abbott vendor, also added Schneider Electric vendor products instead of single line. --- README.md | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a71346b..707cb0e 100644 --- a/README.md +++ b/README.md @@ -73,6 +73,7 @@ This list was initially populated using information from the following sources: | ABB | ABB Remote Service | ABB Remote Platform (RAP) | Affected | | Details are shared with active subscribers | | | | | ABB | AlarmInsight Cloud | AlarmInsight KPI Dashboards 1.0.0 | Under Investigation | | | | | | | ABB | B&R Products | See Vendor Advisory | | | [BR-Automation Advisory](https://www.br-automation.com/downloads_br_productcatalogue/assets/1639507581859-en-original-1.0.pdf) | | | | +| Abbott | | | | | [Abbott Advisory Link](https://www.abbott.com/policies/cybersecurity/apache-Log4j.html) | | | 12/30/2021 | | Accellence | | | | | [Accellence Article](https://www.accellence.de/en/articles/national-vulnerability-database-62) | | | | | Accellion | Kiteworks | v7.6 release | Fixed | Yes | [Kiteworks Statement](https://www.kiteworks.com/kiteworks-news/log4shell-apache-vulnerability-what-kiteworks-customers-need-to-know/) | "As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 contained in the Solr package as recommended by Apache Solr group. Specifically, it updates the Log4j library to a non-vulnerable version on CentOS 7 systems as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true” to disable the possible attack vector on both CentOS 6 and CentOS 7." | |12/16/2021 | | Acquia | | | | | [Acquia Article](https://support.acquia.com/hc/en-us/articles/4415823329047-Apache-log4j-CVE-2021-44228) | | | | @@ -1813,7 +1814,29 @@ Apache|Camel|3.14.1.3.11.5,3.7.7|Affected|Yes|[APACHE CAMEL AND CVE-2021-44228 ( | SBT | SBT | <1.5.6 | Affected | Yes | [Release 1.5.7 · sbt/sbt(github.com)](https://github.com/sbt/sbt/releases/tag/v1.5.7) | | | 12/15/2021 | | ScaleComputing | | | | | [ScaleComputing Community Link](https://community.scalecomputing.com/s/article/Apache-Log4j-Vulnerability) |This advisory is available to customers only and has not been reviewed by CISA | | | | ScaleFusion MobileLock Pro | | | | | [ScaleFusion MobileLock Pro Help](https://help.mobilock.in/article/t9sx43yg44-scalefusion-security-advisory-for-apache-log-4-j-vulnerability-cve-2021-44228) | | | | -| Schneider Electric | | | | | [Schneider Electric Link](https://download.schneider-electric.com/files?p_Doc_Ref=SESB-2021-347-01) | | | | +| Schneider Electric | EcoStruxure IT Gateway | V1.5.0 to V1.13.0 | Fixed | Yes | [EcoStruxure Link](https://ecostruxureit.com/download-and-set-upecostruxureit-gateway/) | | | 12/20/2021 | +| Schneider Electric | EcoStruxure IT Expert | Cloud | Fixed | Yes | | | | 12/20/2021 | +| Schneider Electric | Facility Expert Small Business | Cloud | Fixed | Yes | [SE Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) | | | 12/20/2021 | +| Schneider Electric | Wiser by SE platform | Cloud | Fixed | Yes | | | | 12/20/2021 | +| Schneider Electric | EASYFIT | Current software and earlier | Affected | | [SE Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) | | | 12/20/2021 | +| Schneider Electric | Ecoreal XL | Current software and earlier | Affected | | [SE Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) | | | 12/20/2021 | +| Schneider Electric | Eurotherm Data Reviewer | V3.0.2 and prior | Affected | | [SE Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) | | | 12/20/2021 | +| Schneider Electric | MSE | Current software and earlier | Affected | | [SE Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) | | | 12/20/2021 | +| Schneider Electric | NetBotz750/755 | Software versions 5.0 through 5.3.0 | Affected | | [SE Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) | | | 12/20/2021 | +| Schneider Electric | NEW630 | Current software and earlier | Affected | | [SE Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) | | | 12/20/2021 | +| Schneider Electric | SDK BOM | Current software and earlier | Affected | | [SE Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) | | | 12/20/2021 | +| Schneider Electric | SDK-Docgen | Current software and earlier | Affected | | [SE Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) | | | 12/20/2021 | +| Schneider Electric | SDK-TNC | Current software and earlier | Affected | | [SE Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) | | | 12/20/2021 | +| Schneider Electric | SDK-UMS | Current software and earlier | Affected | | [SE Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) | | | 12/20/2021 | +| Schneider Electric | SDK3D2DRenderer | Current software and earlier | Affected | | [SE Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) | | | 12/20/2021 | +| Schneider Electric | SDK3D360Widget | Current software and earlier | Affected | | [SE Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) | | | 12/20/2021 | +| Schneider Electric | Select and Config DATA | Current software and earlier | Affected | | [SE Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) | | | 12/20/2021 | +| Schneider Electric | SNC-API | Current software and earlier | Affected | | [SE Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) | | | 12/20/2021 | +| Schneider Electric | SNC-CMM | Current software and earlier | Affected | | [SE Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) | | | 12/20/2021 | +| Schneider Electric | SNCSEMTECH | Current software and earlier | Affected | | [SE Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) | | | 12/20/2021 | +| Schneider Electric | SPIMV3 | Current software and earlier | Affected | | [SE Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) | | | 12/20/2021 | +| Schneider Electric | SWBEditor | Current software and earlier | Affected | | [SE Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) | | | 12/20/2021 | +| Schneider Electric | SWBEngine | Current software and earlier | Affected | | [SE Cybersecurity Best Practices](https://www.se.com/us/en/download/document/7EN52-0390/) | | | 12/20/2021 | | SCM Manager | | | | | [SCM Manager Link](https://scm-manager.org/blog/posts/2021-12-13-log4shell/) | | | | | ScreenBeam | | | | | [ScreenBeam Article](https://customersupport.screenbeam.com/hc/en-us/articles/4416468085389-December-2021-Security-Alert-Log4j-CVE-2021-44228) | | | | | SDL worldServer | | | | | [SDL worldServer Link](https://gateway.sdl.com/apex/communityknowledge?articleName=000017707) | | | |