From cd80419c60fcc029808e8fff864a44b8ac611239 Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Wed, 19 Jan 2022 10:54:39 -0700 Subject: [PATCH 1/4] Update cisagov_I.yml Updated Inductive Automation Ignition product. --- data/cisagov_I.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/data/cisagov_I.yml b/data/cisagov_I.yml index 774ab9a..8c9c197 100644 --- a/data/cisagov_I.yml +++ b/data/cisagov_I.yml @@ -6216,7 +6216,7 @@ software: - '' last_updated: '2022-01-12T07:18:53+00:00' - vendor: Inductive Automation - product: '' + product: Ignition cves: cve-2021-4104: investigated: false @@ -6224,10 +6224,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -6240,10 +6241,10 @@ software: unaffected_versions: [] vendor_links: - https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day - notes: '' + notes: Older versions of Ignition (7.8 and older) did use the Log4j library, but they used an older version (1.2) that was not affected by this vulnerability. references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-19T00:00:00' - vendor: IndustrialDefender product: '' cves: From 6aa19e8d58fb8a9e5a91d79c4d879ae0ab80e124 Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Wed, 19 Jan 2022 10:58:12 -0700 Subject: [PATCH 2/4] Update cisagov_M.yml Added Moxa Vendor information --- data/cisagov_M.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/data/cisagov_M.yml b/data/cisagov_M.yml index 5e33f8f..9c2423a 100644 --- a/data/cisagov_M.yml +++ b/data/cisagov_M.yml @@ -2527,6 +2527,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Moxa + product: '' + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.moxa.com/en/support/product-support/security-advisory/moxa-s-response-regarding-the-apache-log4j-vulnerability + notes: Moxa is investigating to determine if any of our products are affected by this vulnerability. At the time of publication, none of Moxa's products are affected. + references: + - '' + last_updated: '2022-01-19T00:00:00' - vendor: Mulesoft product: '' cves: From 36445fc3e7c04707fa4d3d0e51c6d0d4c64d4d02 Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Wed, 19 Jan 2022 11:01:15 -0700 Subject: [PATCH 3/4] Update cisagov_T.yml Added Tridium vendor --- data/cisagov_T.yml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/data/cisagov_T.yml b/data/cisagov_T.yml index 188d8dc..ff7a99e 100644 --- a/data/cisagov_T.yml +++ b/data/cisagov_T.yml @@ -2927,6 +2927,35 @@ software: references: - '' last_updated: '2022-01-12T07:18:56+00:00' + - vendor: Tridium + product: '' + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.niagara-community.com/bundle/TechBulletin2021/resource/Dec_13_2021_NiagaraNotExposed_Apache_log4j.pdf + notes: Document access requires authentication. CISA is not able to validate vulnerability status. + references: + - '' + last_updated: '2022-01-19T00:00:00' - vendor: Tripp Lite product: LX Platform devices (includes WEBCARDLX, WEBCARDLXMINI, SRCOOLNETLX, SRCOOLNET2LX and devices with pre-installed or embedded WEBCARDLX interfaces) From 2513388f7aefdaa08661fed4f02ec30a768ffbeb Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Wed, 19 Jan 2022 11:03:31 -0700 Subject: [PATCH 4/4] Update cisagov_V.yml Added Video Insight vendor --- data/cisagov_V.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/data/cisagov_V.yml b/data/cisagov_V.yml index 5a6257a..4d2e58d 100644 --- a/data/cisagov_V.yml +++ b/data/cisagov_V.yml @@ -1408,6 +1408,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:56+00:00' + - vendor: Video Insight Inc. + product: Video Insight + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://i-pro.com/eu/en/surveillance/news/i-pro-products-and-log4j-2x-vulnerability + notes: Video Insight is a part of Panasonic I-Pro. + references: + - '' + last_updated: '2022-01-19T00:00:00' - vendor: Viso Trust product: '' cves: