From 3cd669cb2e3a6c5bcd45f5b27e6d374c8552f97e Mon Sep 17 00:00:00 2001 From: iainDe <96153057+iainDe@users.noreply.github.com> Date: Wed, 22 Dec 2021 09:23:14 -0600 Subject: [PATCH 01/11] Update SOFTWARE-LIST.md --- SOFTWARE-LIST.md | 69 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 68 insertions(+), 1 deletion(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index c06554c..58eb0b8 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -892,7 +892,74 @@ This list was initially populated using information from the following sources: | Ellucian | Ellucian Ellucian Portal | | Not Affected | | [Ellucian Response on Apache Log4j Issue](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | 12/17/2021 | | Ellucian | Ellucian Workflow | | Not Affected | | [Ellucian Response on Apache Log4j Issue](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | 12/17/2021 | | Ellucian | Ellucian PowerCampus | | Not Affected | | [Ellucian Response on Apache Log4j Issue](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | 12/17/2021 | -| Emerson | | | | | [Emerson Cyber Security Notification](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | | +| Emerson | K-Series Coriolis Transmitters | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Prolink Configuration Software | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Prolink Mobile Application & ProcessViz Software | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 4732 Endeavor | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Vortex and Magmeter Transmitters | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | USM 3410 and 3810 Series Ultrasonic Transmitters | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Mark III Gas and Liquid USM | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Flarecheck FlowCheck Flowel & PWAM software | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | MPFM2600 & MPFM5726 | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | DHNC1 DHNC2 | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | WCM SWGM | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Fieldwatch and Service consoles | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 5726 Transmitter | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Plantweb Advisor for Metrology and Metering Suite SDK | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020 | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD) | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle Monitor | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Incus Ultrasonic gas leak detector | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Flame Detection: 975UF & 975UR Infrared Flame Detectors 975HR Infrared Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Liquid Transmitters: 5081 1066 1056 1057 56 | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Combustion: OCX OXT 6888 CX1100 6888Xi | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Spectrex family Flame Detectors and Rosemount 975 flame detector | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | CT4400 QCL General Purpose Continuous Gas Analyzer | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | CT5400 QCL General Purpose Continuous Gas Analyzer | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | CT5100 QCL Field Housing Continuous Gas Analyzer | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | CT5800 QCL Flameproof Housing Continuous Gas Analyzer | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | CT4215 QCL Packaging Leak Detection System | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | CT2211 QCL Aerosol Microleak Detection System | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | CT4404 QCL pMDI Leak Detection Analyzer | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | CT4000 QCL Marine OEM Gas Analyzer | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | CT3000 QCL Automotive OEM Gas Analyzer | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 3051 & 3051S Pressure transmitter families | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 2051 Pressure Transmitter Family | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 4088 Pressure Transmitter | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 2088 Pressure Transmitter Family | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 2090F/2090P Pressure Transmitters | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 4600 Pressure Transmitter | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 215 Pressure Sensor Module | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 550 PT Pressure Transmitter | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 326P Pressure Transmitter | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 3144P Temperature Transmitter | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 644 Temperature Transmitter | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 848T Temperature Transmitter | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 148 Temperature Transmitter | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 248 Temperature Transmitter | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 326T Temperature Transmitter | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 327T Temperature Transmitter | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 648 Temperature Transmitter | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 4088 Upgrade Utility | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Engineering Assistant 5.x & 6.x | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 248 Configuration Application | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount IO-Link Assistant | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount TankMaster and TankMaster Mobile | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount RadarMaster and RadarMaster Plus | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount Radar Configuration Tool | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount 2460 System Hub | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount 2410 Tank Hub | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount 3490 Controller | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount 2230 Graphical Field Display | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount 2240S Multi-input Temperature Transmitter | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount CMS/SCU 51/SCC | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount CMS/WSU 51/SWF 51 | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount CMS/IOU 61 | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount Level Transmitters (14xx 33xx 53xx 54xx 56xx) | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount Radar Level Gauges (Pro 39xx 59xx) | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount Tank Radar Gauges (TGUxx) | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount Level Detectors (21xx) | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Emerson Aperio software | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | | EnterpriseDT | | | | | [EnterpriseDT Statement](https://enterprisedt.com/blogs/announcements/enterprisedt-does-not-use-log4j/) | | | | | ESET | | | | | [ESET Statement](https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability) | | | | | ESRI | ArcGIS Data Store | All | Fixed | Yes | [https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/](https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/) | Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions | | 12/17/2021 | From 2d192d704b1cb92fb491b52c6eb23ecb23961856 Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Wed, 22 Dec 2021 10:24:46 -0500 Subject: [PATCH 02/11] Updating Dynatrace per Issue#287 --- SOFTWARE-LIST.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 977e13f..87f142c 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -814,10 +814,14 @@ This list was initially populated using information from the following sources: | Docusign | | | | | [Docusign Alert](https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability) | | | | | DrayTek | Vigor Routers, Access Points, Switches, VigorACS Central Management Software, MyVigor Platform||Not Affected||[DrayTek Statement](https://www.draytek.com/about/security-advisory/log4shell-vulnerability-(cve-2021-44228)/)|||12/15/2021| | DSpace ||||| [DSpace Google Group](https://groups.google.com/g/dspace-community/c/Fa4VdjiiNyE) | | | | -| Dynatrace | Managed cluster nodes | | Not Affected | No | [Official Dynatrace Communication](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | 12/21/2021 | -| Dynatrace | Managed cluster nodes | | Not Affected | No | [Official Dynatrace Communication](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | 12/21/2021 | -| Dynatrace | Synthetic Activegates | | Fixed |Yes | [Official Dynatrace Communication](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | 12/21/2021 | -| Dynatrace | Synthetic Activegates | | Fixed | Yes | [Official Dynatrace Communication](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | 12/21/2021 | +| Dynatrace | Managed cluster nodes | | Not Affected | No | [Official Dynatrace Communication](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | Please see Dynatrace Communication for details | | 12/21/2021 | +| Dynatrace | SAAS | | Fixed | No | [Official Dynatrace Communication](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | 12/21/2021 | +| Dynatrace | FedRamp SAAS | | Fixed | No | [Official Dynatrace Communication](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | 12/21/2021 | +| Dynatrace | Synthetic public locations | | Fixed | No | [Official Dynatrace Communication](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | 12/21/2021 | +| Dynatrace | Synthetic Private ActiveGate | | Fixed | Yes | [Official Dynatrace Communication](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | Please see Dynatrace Communication for details | | 12/21/2021 | +| Dynatrace | ActiveGate | | Not Affected | No | [Official Dynatrace Communication](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | 12/21/2021 | +| Dynatrace | OneAgent | | Not Affected | No | [Official Dynatrace Communication](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | 12/21/2021 | +| Dynatrace | Dynatrace Extensions | | Fixed | Yes (See Notes) | [Official Dynatrace Communication](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | Please see Dynatrace Communication for details | | 12/21/2021 | | EasyRedmine | | | | | [EasyRedmine News](https://www.easyredmine.com/news/easy-redmine-application-is-not-affected-by-the-vulnerability-cve-2021-44228) | | | | | Eaton | Undisclosed | Undisclosed | Affected | | [Security Bulletin](https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Security-Bulletin%20log4j_CVE_2021_44228_v1.0_Legal-Approved.pdf) | Doesn't openly disclose what products are affected or not for quote 'security purposes'. Needs email registration. No workaround provided due to registration wall. | | | | EclecticIQ | | | | | [EclecticIQ Advisory](https://docs.eclecticiq.com/security-advisories/security-issues-and-mitigation-actions/eiq-2021-0016-2) | | | | From 5a8961ee8dab3ce8b4fc37d609652c3603892c51 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 22 Dec 2021 10:24:50 -0500 Subject: [PATCH 03/11] Add CA & Alert 12/22 --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 28bee44..09cda7d 100644 --- a/README.md +++ b/README.md @@ -20,11 +20,13 @@ or imply their endorsement, recommendation, or favoring by CISA. ## Official CISA Guidance & Resources ## - [CISA Apache Log4j Vulnerability Guidance](https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance) +- [ALERT (AA21-356A): Mitigating Log4Shell and Other Log4j-Related Vulnerabilities](https://www.cisa.gov/uscert/ncas/alerts/aa21-356a) - [Emergency Directive 22-02 Mitigate Apache Log4j Vulnerability](https://www.cisa.gov/emergency-directive-22-02) - [Statement from CISA Director Easterly on “Log4j” Vulnerability](https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability). ## CISA Current Activity Alerts ## +- [Mitigating Log4Shell and Other Log4j-Related Vulnerabilities](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/22/mitigating-log4shell-and-other-log4j-related-vulnerabilities) - [CISA Issues ED 22-02 Directing Federal Agencies to Mitigate Apache Log4j Vulnerabilities](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/17/cisa-issues-ed-22-02-directing-federal-agencies-mitigate-apache) - [Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce) - [CISA Creates Webpage for Apache Log4j Vulnerability CVE-2021-44228](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/13/cisa-creates-webpage-apache-log4j-vulnerability-cve-2021-44228) From ac850989c953aace2af184373803cb8c6c8d7869 Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Wed, 22 Dec 2021 08:25:51 -0700 Subject: [PATCH 04/11] Update SOFTWARE-LIST.md Added PHOENIX CONTACT, Siemens Healthineers, and Thermo Fisher Scientific. --- SOFTWARE-LIST.md | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 0bb853e..f086cc4 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -1790,6 +1790,9 @@ This list was initially populated using information from the following sources: | Pexip | | | | | [Pexip Link](https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability) | | | | | Phenix Id | | | | | [Phenix Id Support Link](https://support.phenixid.se/uncategorized/log4j-fix/) | | | | | Philips | Multiple products | | | | [Philips Security Advisory](https://www.philips.com/a-w/security/security-advisories.html) | | | | +| PHOENIX CONTACT | Physical products containing firmware | | Not Affected | | [PHOENIX CONTACT Advisory Link](https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf) | | | 12/22/2021 | +| PHOENIX CONTACT | Software Products | | Not Affected | | [PHOENIX CONTACT Advisory Link](https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf) | | | 12/22/2021 | +| PHOENIX CONTACT | Cloud Services | | Affected | | [PHOENIX CONTACT Advisory Link](https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf) | Partly affected. Remediations are being implemented. | | 12/22/2021 | | Ping Identity | PingAccess | 4.0 <= version <= 6.3.2 | Affected | Yes | [Log4j2 vulnerability CVE-2021-44228](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | 2021-12-15 | | Ping Identity | PingCentral | | Affected | Yes | [Log4j2 vulnerability CVE-2021-44228](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | 2021-12-15 | | Ping Identity | PingFederate | 8.0 <= version <= 10.3.4 | Affected | Yes | [Log4j2 vulnerability CVE-2021-44228](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | 2021-12-15 | @@ -2099,6 +2102,40 @@ This list was initially populated using information from the following sources: | Siemens | VeSys | All Versions >=2019.1 SP1912 only if Teamcenter integration feature is used |Affected | No|[Siemens Advisory - SSA-661257: Apache Log4j Vulnerabilities](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf)| Currently no remediation is available. Find detailed mitigation steps [here](https://support.sw.siemens.com/en-US/knowledgebase/MG618363). See further recommendations from [Siemens Advisory SSA-661257](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf)| |12/18/2021 | | Siemens | Xpedition Enterprise | All Versions >=VX.2.6 | Affected | No| [Siemens Advisory - SSA-661257: Apache Log4j Vulnerabilities](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) |Currently no remediation is available. Find detailed mitigation steps [here](https://support.sw.siemens.com/en-US/knowledge-base/MG618343). See further recommendations from [Siemens Advisory SSA-661257](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | 12/18/2021 | | Siemens | Xpedition IC Packaging | All Versions >=VX.2.6 | Affected | No| [Siemens Advisory - SSA-661257: Apache Log4j Vulnerabilities](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) |Currently no remediation is available. Find detailed mitigation steps [here](https://support.sw.siemens.com/en-US/knowledge-base/MG618343). See further recommendations from [Siemens Advisory SSA-661257](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf).| |12/18/2021 | +| Siemens Healthineers | ATELLICA DATA MANAGER v1.1.1 / v1.2.1 / v1.3.1 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | If you have determined that your Atellica Data Manager has a “Java communication engine” service, and you require an immediate mitigation, then please contact your Siemens Customer Care Center or your local Siemens technical support representative. | | 12/22/2021 | +| Siemens Healthineers | CENTRALINK v16.0.2 / v16.0.3 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | If you have determined that your CentraLink has a “Java communication engine” service, and you require a mitigation, then please contact your Siemens Customer Care Center or your local Siemens technical support representative. | | 12/22/2021 | +| Siemens Healthineers | DICOM Proxy VB10A | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: remove the vulnerable class from the .jar file | | 12/22/2021 | +| Siemens Healthineers | Somatom Scope Som5 VC50 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | evaluation ongoing | | 12/22/2021 | +| Siemens Healthineers | Somatom Emotion Som5 VC50 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | evaluation ongoing | | 12/22/2021 | +| Siemens Healthineers | go.All, Som10 VA20 / VA30 / VA40 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | 12/22/2021 | +| Siemens Healthineers | go.Fit, Som10 VA30 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | 12/22/2021 | +| Siemens Healthineers | go.Now, Som10 VA10 / VA20 / VA30 / VA40 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | 12/22/2021 | +| Siemens Healthineers | go.Open Pro, Som10 VA30 / VA40 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | 12/22/2021 | +| Siemens Healthineers | go.Sim, Som10 VA30 / VA40 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | 12/22/2021 | +| Siemens Healthineers | go.Top, Som10 VA20 / VA20A_SP5 / VA30 / VA40 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | 12/22/2021 | +| Siemens Healthineers | go.Up, Som10 VA10 / VA20 / VA30 / VA40 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | 12/22/2021 | +| Siemens Healthineers | MAGNETOM AERA 1,5T, MAGNETOM PRISMA, MAGNETOM PRISMA FIT, MAGNETOM SKYRA 3T NUMARIS/X VA30A | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | | 12/22/2021 | +| Siemens Healthineers | MAGNETOM Altea NUMARIS/X VA20A | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | | 12/22/2021 | +| Siemens Healthineers | MAGNETOM ALTEA, MAGNETOM LUMINA, MAGNETOM SOLA, MAGNETOM VIDA NUMARIS/X VA31A | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | | 12/22/2021 | +| Siemens Healthineers | MAGNETOM Amira NUMARIS/X VA12M | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | | 12/22/2021 | +| Siemens Healthineers | MAGNETOM Free.Max NUMARIS/X VA40 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | | 12/22/2021 | +| Siemens Healthineers | MAGNETOM Lumina NUMARIS/X VA20A | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | | 12/22/2021 | +| Siemens Healthineers | MAGNETOM Sempra NUMARIS/X VA12M | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | | 12/22/2021 | +| Siemens Healthineers | MAGNETOM Sola fit NUMARIS/X VA20A | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | | 12/22/2021 | +| Siemens Healthineers | MAGNETOM Sola NUMARIS/X VA20A | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | | 12/22/2021 | +| Siemens Healthineers | MAGNETOM Vida fit NUMARIS/X VA20A | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | | 12/22/2021 | +| Siemens Healthineers | MAGNETOM Vida NUMARIS/X VA10A* / VA20A | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | | 12/22/2021 | +| Siemens Healthineers | Syngo Carbon Space VA10A / VA10A-CUT2 / VA20A | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: remove the vulnerable class from the .jar file | | 12/22/2021 | +| Siemens Healthineers | Syngo MobileViewer VA10A | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | The vulnerability will be patch/mitigated in upcoming releases\patches. | | 12/22/2021 | +| Siemens Healthineers | syngo Plaza VB20A / VB20A_HF01 - HF07 / VB30A / VB30A_HF01 / VB30A_HF02 / VB30B / VB30C / VB30C_HF01 - HF06 / VB30C_HF91 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: remove the vulnerable class from the .jar file | | 12/22/2021 | +| Siemens Healthineers | syngo Workflow MLR VB37A / VB37A_HF01 / VB37A_HF02 / VB37B / VB37B_HF01 - HF07 / VB37B_HF93 / VB37B_HF94 / VB37B_HF96 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Please contact your Customer Service to get support on mitigating the vulnerability. | | 12/22/2021 | +| Siemens Healthineers | syngo.via VB20A / VB20A_HF01 - HF08 / VB20A_HF91 / VB20B / VB30A / VB30A_HF01 - VB30A_HF08 / VB30A_HF91VB30B / VB30B_HF01 / VB40A / VB40A_HF01 - HF02 /VB40B / VB40B_HF01 - HF05 / VB50A / VB50A_CUT / VB50A_D4VB50B / VB50B_HF01 - HF03 / VB60A / VB60A_CUT / VB60A_D4 / VB60A_HF01 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: remove the vulnerable class from the .jar file | | 12/22/2021 | +| Siemens Healthineers | SENSIS DMCC / DMCM / TS / VM / PPWS / DS VD12A | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | evaluation ongoing | | 12/22/2021 | +| Siemens Healthineers | Cios Select FD/I.I. VA21 / VA21-S3P | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | evaluation ongoing | | 12/22/2021 | +| Siemens Healthineers | Cios Flow S1 / Alpha / Spin VA30 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | evaluation ongoing | | 12/22/2021 | +| Siemens Healthineers | syngo.via WebViewer VA13B / VA20A / VA20B | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: remove the vulnerable class from the .jar file | | 12/22/2021 | +| Siemens Healthineers | X.Ceed Somaris 10 VA40* | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | 12/22/2021 | +| Siemens Healthineers | X.Cite Somaris 10 VA30* / VA40* | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | 12/22/2021 | | Sierra Wireless | | | | | [Sierra Wireless Security Bulletin](https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/) | | | | | Signald | | | | | [Signald Gitlab](https://gitlab.com/signald/signald/-/issues/259) | | | | | Silver Peak | Orchestrator, Silver Peak GMS | | Affected | No | [Security Advisory Notice Apache](https://www.arubanetworks.com/website/techdocs/sdwan/docs/advisories/media/security_advisory_notice_apache_log4j2_cve_2021_44228.pdf) | Customer managed Orchestrator and legacy GMS products are affected by this vulnerability. This includes on-premise and customer managed instances running in public cloud services such as AWS, Azure, Google, or Oracle Cloud. See Corrective Action Required for details about how to mitigate this exploit. | | 12/14/2021 | @@ -2263,6 +2300,7 @@ This list was initially populated using information from the following sources: | Thales | Sentinel Professional Services components (both Thales hosted & hosted on-premises by customers) | | Affected | | [Thales Support](https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297) | | | 12/17/2021 | | Thales | Sentinel SCL | | Affected | | [Thales Support](https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297) | | | 12/17/2021 | | Thales | Thales Data Platform (TDP)(DDC) | | Affected | | [Thales Support](https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297) | | | 12/17/2021 | +| Thermo Fisher Scientific | | | Unknown | | [Thermo Fisher Scientific Advisory Link](https://corporate.thermofisher.com/us/en/index/about/information-security/Protecting-Our-Products.html) | | | 12/22/2021 | | Thomson Reuters | HighQ Appliance | <3.5 | Affected | Yes | [https://highqsolutions.zendesk.com](https://highqsolutions.zendesk.com) | Reported by vendor - Documentation is in vendor's client portal (login required). This advisory is available to customer only and has not been reviewed by CISA. | | 12/20/2021 | | ThreatLocker | | | | | [ThreatLocker Log4j Statement](https://threatlocker.kb.help/log4j-vulnerability/) | | | | | ThycoticCentrify | Secret Server | N/A | Not Affected | | [ThycoticCentrify Products NOT Affected by CVE-2021-44228 Exploit](https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md) | | | 12/10/15 | From 0f5e05a9ce36e8d18da951e3c3ae66e4197fe50e Mon Sep 17 00:00:00 2001 From: iainDe <96153057+iainDe@users.noreply.github.com> Date: Wed, 22 Dec 2021 09:37:27 -0600 Subject: [PATCH 05/11] Update SOFTWARE-LIST.md --- SOFTWARE-LIST.md | 153 ++++++++++++++++++++++++++--------------------- 1 file changed, 85 insertions(+), 68 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 58eb0b8..6c21c4d 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -892,74 +892,91 @@ This list was initially populated using information from the following sources: | Ellucian | Ellucian Ellucian Portal | | Not Affected | | [Ellucian Response on Apache Log4j Issue](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | 12/17/2021 | | Ellucian | Ellucian Workflow | | Not Affected | | [Ellucian Response on Apache Log4j Issue](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | 12/17/2021 | | Ellucian | Ellucian PowerCampus | | Not Affected | | [Ellucian Response on Apache Log4j Issue](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | 12/17/2021 | -| Emerson | K-Series Coriolis Transmitters | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Prolink Configuration Software | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Prolink Mobile Application & ProcessViz Software | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | 4732 Endeavor | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Vortex and Magmeter Transmitters | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | USM 3410 and 3810 Series Ultrasonic Transmitters | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Mark III Gas and Liquid USM | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Flarecheck FlowCheck Flowel & PWAM software | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | MPFM2600 & MPFM5726 | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | DHNC1 DHNC2 | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | WCM SWGM | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Fieldwatch and Service consoles | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | 5726 Transmitter | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Plantweb Advisor for Metrology and Metering Suite SDK | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020 | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD) | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle Monitor | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Incus Ultrasonic gas leak detector | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Flame Detection: 975UF & 975UR Infrared Flame Detectors 975HR Infrared Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Liquid Transmitters: 5081 1066 1056 1057 56 | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Combustion: OCX OXT 6888 CX1100 6888Xi | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Spectrex family Flame Detectors and Rosemount 975 flame detector | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | CT4400 QCL General Purpose Continuous Gas Analyzer | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | CT5400 QCL General Purpose Continuous Gas Analyzer | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | CT5100 QCL Field Housing Continuous Gas Analyzer | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | CT5800 QCL Flameproof Housing Continuous Gas Analyzer | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | CT4215 QCL Packaging Leak Detection System | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | CT2211 QCL Aerosol Microleak Detection System | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | CT4404 QCL pMDI Leak Detection Analyzer | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | CT4000 QCL Marine OEM Gas Analyzer | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | CT3000 QCL Automotive OEM Gas Analyzer | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | 3051 & 3051S Pressure transmitter families | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | 2051 Pressure Transmitter Family | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | 4088 Pressure Transmitter | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | 2088 Pressure Transmitter Family | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | 2090F/2090P Pressure Transmitters | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | 4600 Pressure Transmitter | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | 215 Pressure Sensor Module | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | 550 PT Pressure Transmitter | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | 326P Pressure Transmitter | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | 3144P Temperature Transmitter | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | 644 Temperature Transmitter | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | 848T Temperature Transmitter | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | 148 Temperature Transmitter | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | 248 Temperature Transmitter | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | 326T Temperature Transmitter | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | 327T Temperature Transmitter | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | 648 Temperature Transmitter | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | 4088 Upgrade Utility | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Engineering Assistant 5.x & 6.x | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | 248 Configuration Application | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Rosemount IO-Link Assistant | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Rosemount TankMaster and TankMaster Mobile | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Rosemount RadarMaster and RadarMaster Plus | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Rosemount Radar Configuration Tool | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Rosemount 2460 System Hub | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Rosemount 2410 Tank Hub | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Rosemount 3490 Controller | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Rosemount 2230 Graphical Field Display | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Rosemount 2240S Multi-input Temperature Transmitter | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Rosemount CMS/SCU 51/SCC | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Rosemount CMS/WSU 51/SWF 51 | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Rosemount CMS/IOU 61 | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Rosemount Level Transmitters (14xx 33xx 53xx 54xx 56xx) | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Rosemount Radar Level Gauges (Pro 39xx 59xx) | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Rosemount Tank Radar Gauges (TGUxx) | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Rosemount Level Detectors (21xx) | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | -| Emerson | Emerson Aperio software | N/A | Not Affected | N/A | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | K-Series Coriolis Transmitters | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Prolink Configuration Software | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Prolink Mobile Application & ProcessViz Software | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 4732 Endeavor | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Vortex and Magmeter Transmitters | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | USM 3410 and 3810 Series Ultrasonic Transmitters | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Mark III Gas and Liquid USM | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Flarecheck FlowCheck Flowel & PWAM software | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | MPFM2600 & MPFM5726 | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | DHNC1 DHNC2 | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | WCM SWGM | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Fieldwatch and Service consoles | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 5726 Transmitter | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Plantweb Advisor for Metrology and Metering Suite SDK | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020 | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD) | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle Monitor | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | K-Series Coriolis Transmitters | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Prolink Configuration Software | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Prolink Mobile Application & ProcessViz Software | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 4732 Endeavor | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Vortex and Magmeter Transmitters | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | USM 3410 and 3810 Series Ultrasonic Transmitters | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Mark III Gas and Liquid USM | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Flarecheck FlowCheck Flowel & PWAM software | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | MPFM2600 & MPFM5726 | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | DHNC1 DHNC2 | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | WCM SWGM | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Fieldwatch and Service consoles | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 5726 Transmitter | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Plantweb Advisor for Metrology and Metering Suite SDK | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020 | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD) | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle Monitor | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Incus Ultrasonic gas leak detector | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Flame Detection: 975UF & 975UR Infrared Flame Detectors 975HR Infrared Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Liquid Transmitters: 5081 1066 1056 1057 56 | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Combustion: OCX OXT 6888 CX1100 6888Xi | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Spectrex family Flame Detectors and Rosemount 975 flame detector | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | CT4400 QCL General Purpose Continuous Gas Analyzer | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | CT5400 QCL General Purpose Continuous Gas Analyzer | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | CT5100 QCL Field Housing Continuous Gas Analyzer | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | CT5800 QCL Flameproof Housing Continuous Gas Analyzer | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | CT4215 QCL Packaging Leak Detection System | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | CT2211 QCL Aerosol Microleak Detection System | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | CT4404 QCL pMDI Leak Detection Analyzer | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | CT4000 QCL Marine OEM Gas Analyzer | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | CT3000 QCL Automotive OEM Gas Analyzer | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 3051 & 3051S Pressure transmitter families | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 2051 Pressure Transmitter Family | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 4088 Pressure Transmitter | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 2088 Pressure Transmitter Family | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 2090F/2090P Pressure Transmitters | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 4600 Pressure Transmitter | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 215 Pressure Sensor Module | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 550 PT Pressure Transmitter | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 326P Pressure Transmitter | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 3144P Temperature Transmitter | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 644 Temperature Transmitter | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 848T Temperature Transmitter | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 148 Temperature Transmitter | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 248 Temperature Transmitter | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 326T Temperature Transmitter | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 327T Temperature Transmitter | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 648 Temperature Transmitter | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 4088 Upgrade Utility | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Engineering Assistant 5.x & 6.x | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | 248 Configuration Application | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount IO-Link Assistant | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount TankMaster and TankMaster Mobile | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount RadarMaster and RadarMaster Plus | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount Radar Configuration Tool | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount 2460 System Hub | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount 2410 Tank Hub | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount 3490 Controller | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount 2230 Graphical Field Display | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount 2240S Multi-input Temperature Transmitter | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount CMS/SCU 51/SCC | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount CMS/WSU 51/SWF 51 | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount CMS/IOU 61 | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount Level Transmitters (14xx 33xx 53xx 54xx 56xx) | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount Radar Level Gauges (Pro 39xx 59xx) | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount Tank Radar Gauges (TGUxx) | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Rosemount Level Detectors (21xx) | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | +| Emerson | Emerson Aperio software | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 | | EnterpriseDT | | | | | [EnterpriseDT Statement](https://enterprisedt.com/blogs/announcements/enterprisedt-does-not-use-log4j/) | | | | | ESET | | | | | [ESET Statement](https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability) | | | | | ESRI | ArcGIS Data Store | All | Fixed | Yes | [https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/](https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/) | Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions | | 12/17/2021 | From 32ff70944372feedb14240e7741fba19f95c424c Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 22 Dec 2021 10:42:35 -0500 Subject: [PATCH 06/11] Remove spaces --- SOFTWARE-LIST.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index f086cc4..23396dc 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2135,7 +2135,7 @@ This list was initially populated using information from the following sources: | Siemens Healthineers | Cios Flow S1 / Alpha / Spin VA30 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | evaluation ongoing | | 12/22/2021 | | Siemens Healthineers | syngo.via WebViewer VA13B / VA20A / VA20B | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: remove the vulnerable class from the .jar file | | 12/22/2021 | | Siemens Healthineers | X.Ceed Somaris 10 VA40* | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | 12/22/2021 | -| Siemens Healthineers | X.Cite Somaris 10 VA30* / VA40* | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | 12/22/2021 | +| Siemens Healthineers | X.Cite Somaris 10 VA30*/VA40* | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | 12/22/2021 | | Sierra Wireless | | | | | [Sierra Wireless Security Bulletin](https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/) | | | | | Signald | | | | | [Signald Gitlab](https://gitlab.com/signald/signald/-/issues/259) | | | | | Silver Peak | Orchestrator, Silver Peak GMS | | Affected | No | [Security Advisory Notice Apache](https://www.arubanetworks.com/website/techdocs/sdwan/docs/advisories/media/security_advisory_notice_apache_log4j2_cve_2021_44228.pdf) | Customer managed Orchestrator and legacy GMS products are affected by this vulnerability. This includes on-premise and customer managed instances running in public cloud services such as AWS, Azure, Google, or Oracle Cloud. See Corrective Action Required for details about how to mitigate this exploit. | | 12/14/2021 | From 5248ed3a4124856c40b6f8f579bb5a160f07c4f4 Mon Sep 17 00:00:00 2001 From: TVA Cyber Risk Date: Wed, 22 Dec 2021 11:47:15 -0500 Subject: [PATCH 07/11] Adding eSOMS --- SOFTWARE-LIST.md | 1 + 1 file changed, 1 insertion(+) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 6bf25b4..ab3ef84 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -1040,6 +1040,7 @@ This list was initially populated using information from the following sources: | HelpSystems Clearswift | | | | | [HelpSystems Clearswift](https://community.helpsystems.com/kb-nav/kb-article/?id=37becc1c-255c-ec11-8f8f-6045bd006687) | | | | | Hexagon | | | | | [Hexagon Statement](https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2?language=en_US) | | | | | Hikvision | | | | | [Hikvision](https://video.xortec.de/media/pdf/87/e8/03/kw50_Update-for-Apache-Log4j2-Issue-Hikvision_official.pdf) | | | | +| Hitachi Energy | eSOMS | | Not Affected | | [Hitachi Energy](https://www.hitachienergy.com/offering/solutions/cybersecurity/alerts-and-notifications) | | | | | Hitachi Vantara | | | | | [Hitachi Vantara](https://knowledge.hitachivantara.com/Support_Information/Hitachi_Vantara_Security_Advisories/CVE-2021-44228_-_Apache_Log4j2) | | | | | Honeywell | | | | | [Honeywell Statement](https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability) | | | | | HP | Teradici Cloud Access Controller | < v113 | Fixed | Yes | [Apache Log4j update for Teradici PCoIP Connection Manager, Teradici Cloud Access Connector, Teradici PCoIP License Server, Teradici Management Console, and Teradici EMSDK](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | 2021-12-17 | From fa98728055493ad822bf1c7c9283a00389ad665c Mon Sep 17 00:00:00 2001 From: LA100ti <96486988+LA100ti@users.noreply.github.com> Date: Wed, 22 Dec 2021 12:12:15 -0500 Subject: [PATCH 08/11] Update SOFTWARE-LIST.md --- SOFTWARE-LIST.md | 1 + 1 file changed, 1 insertion(+) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 1e6710b..bbe9a1d 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2047,6 +2047,7 @@ This list was initially populated using information from the following sources: | Salesforce | ClickSoftware (On-Premise) | | Unknown | | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Please contact Customer Support." | | 12/15/2021 | | Salesforce | Community Cloud | | Affected | | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Community Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | 12/15/2021 | | Salesforce | Data.com | | Affected | | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Data.com is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228." | | 12/15/2021 | +| Salesforce | DataLoader | <=53.0.0 | Fixed | | [Vendor Link](https://github.com/forcedotcom/dataloader/releases/tag/v53.0.1) | | | 12/22/2021 | | Salesforce | Datorama | | Affected | | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1)| "Datorama is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228." | | 12/15/2021 | | Salesforce | Evergage (Interaction Studio) | | Affected | | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Evergage (Interaction Studio) is reported to be affected by CVE-2021-44228. Services have been updated to mitigate the issues identified in CVE-2021-44228 and we are executing our final validation steps." | | 12/15/2021 | | Salesforce | Force.com | | Affected | | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Force.com is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | 12/15/2021 | From 86c97277ab7bb14f85d2ff977cfe63adc99264c4 Mon Sep 17 00:00:00 2001 From: LA100ti <96486988+LA100ti@users.noreply.github.com> Date: Wed, 22 Dec 2021 12:31:36 -0500 Subject: [PATCH 09/11] Update SOFTWARE-LIST.md --- SOFTWARE-LIST.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index bbe9a1d..8f814e5 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2047,7 +2047,7 @@ This list was initially populated using information from the following sources: | Salesforce | ClickSoftware (On-Premise) | | Unknown | | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Please contact Customer Support." | | 12/15/2021 | | Salesforce | Community Cloud | | Affected | | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Community Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | 12/15/2021 | | Salesforce | Data.com | | Affected | | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Data.com is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228." | | 12/15/2021 | -| Salesforce | DataLoader | <=53.0.0 | Fixed | | [Vendor Link](https://github.com/forcedotcom/dataloader/releases/tag/v53.0.1) | | | 12/22/2021 | +| Salesforce | DataLoader | <=53.0.0 | Fixed | | [Vendor Link](https://github.com/forcedotcom/dataloader/releases/tag/v53.0.1) | | | 12/22/2021 | | Salesforce | Datorama | | Affected | | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1)| "Datorama is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228." | | 12/15/2021 | | Salesforce | Evergage (Interaction Studio) | | Affected | | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Evergage (Interaction Studio) is reported to be affected by CVE-2021-44228. Services have been updated to mitigate the issues identified in CVE-2021-44228 and we are executing our final validation steps." | | 12/15/2021 | | Salesforce | Force.com | | Affected | | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Force.com is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | 12/15/2021 | From d62c517a4f13f550f032f80043636457d8afe25a Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Wed, 22 Dec 2021 11:11:18 -0700 Subject: [PATCH 10/11] Update SOFTWARE-LIST.md Added Thermo-Calc, Varian, Vyaire, WIBU, Xylem, and YOKOGAWA. --- SOFTWARE-LIST.md | 64 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index d9a6c53..8fa5479 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2390,6 +2390,10 @@ This list was initially populated using information from the following sources: | Thales | Sentinel Professional Services components (both Thales hosted & hosted on-premises by customers) | | Affected | | [Thales Support](https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297) | | | 12/17/2021 | | Thales | Sentinel SCL | | Affected | | [Thales Support](https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297) | | | 12/17/2021 | | Thales | Thales Data Platform (TDP)(DDC) | | Affected | | [Thales Support](https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297) | | | 12/17/2021 | +| Thermo-Calc | Thermo-Calc | 2022a | Not Affected | | [Thermo-Calc Advisory Link](https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/) | Use the program as normal, Install the 2022a patch when available | | 12/22/2021 | +| Thermo-Calc | Thermo-Calc | 2021b | Not Affected | | [Thermo-Calc Advisory Link](https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/) | Use the program as normal | | 12/22/2021 | +| Thermo-Calc | Thermo-Calc | 2018b to 2021a | Not Affected | | [Thermo-Calc Advisory Link](https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/) | Use the program as normal, delete the Log4j 2 files in the program installation if required, see advisory for instructions. | | 12/22/2021 | +| Thermo-Calc | Thermo-Calc | 2018a and earlier | Not Affected | | [Thermo-Calc Advisory Link](https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/) | Use the program as normal | | 12/22/2021 | | Thermo Fisher Scientific | | | Unknown | | [Thermo Fisher Scientific Advisory Link](https://corporate.thermofisher.com/us/en/index/about/information-security/Protecting-Our-Products.html) | | | 12/22/2021 | | Thomson Reuters | HighQ Appliance | <3.5 | Affected | Yes | [https://highqsolutions.zendesk.com](https://highqsolutions.zendesk.com) | Reported by vendor - Documentation is in vendor's client portal (login required). This advisory is available to customer only and has not been reviewed by CISA. | | 12/20/2021 | | ThreatLocker | | | | | [ThreatLocker Log4j Statement](https://threatlocker.kb.help/log4j-vulnerability/) | | | | @@ -2423,6 +2427,46 @@ This list was initially populated using information from the following sources: | Unimus | | | | | [Unimus Statement](https://forum.unimus.net/viewtopic.php?f=7&t=1390#top) | | | | | USSIGNAL MSP | | | | | [USSIGNAL MSP Statement](https://ussignal.com/blog/apache-log4j-vulnerability) | | | | | VArmour | | | | | [VArmour Statement](https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility) | | | | +| Varian | Acuity® | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | DITC | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | ARIA Connect (Cloverleaf) | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | ARIA® oncology information system for Medical Oncology | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | XMediusFax® for ARIA® oncology information system for Medical Oncology | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | ARIA® oncology information system for Radiation Oncology | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | ARIA eDOC | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | XMediusFax® for ARIA® oncology information system for Radiation Oncology | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | ARIA Radiation Therapy Management System (RTM) | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | Bravos® Console | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | Clinac® | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | Cloud Planner | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | DoseLab | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | Eclipse™ treatment planning software | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | ePeerReview™ | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | Ethos | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | FullScale™ oncology IT solutions | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | Halcyon® system | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | Identify | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | Information Exchange Manager (IEM) | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | InSightive™ Analytics | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | Large Integrated Oncology Network (LION) | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | ICAP | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | Mobius3D® platform | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | ProBeam® | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | Qumulate | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | Real-time Position Management (RPM) | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | Respiratory Gating for Scanners (RGSC) | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | SmartConnect® solution | All | Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | See Knowledge Article: 000038850 on MyVarian | | 12/22/2021 | +| Varian | SmartConnect® solution Policy Server | All | Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | See Knowledge Articles: 000038831 and 000038832 on MyVarian | | 12/22/2021 | +| Varian | PaaS | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | TrueBeam® radiotherapy system | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | UNIQUE® system | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | Varian Authentication and Identity Server (VAIS) | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | Varian Managed Services Cloud | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | Varian Mobile App | 2.0, 2.5 | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | VariSeed | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | Velocity | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | VitalBeam® radiotherapy system | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | Vitesse | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | | Varnish Software | | | | | [Varnish Software Security Notice](https://docs.varnish-software.com/security/CVE-2021-44228-45046/) | | | | | Varonis | | | | | [Varonis Notice](https://help.varonis.com/s/article/Apache-Log4j-Zero-Day-Vulnerability-CVE-2021-44228) | | | | | Veeam | | | | | [Veeam Statement](https://www.veeam.com/kb4254) | | | | @@ -2467,11 +2511,14 @@ This list was initially populated using information from the following sources: | VMware | VMware vRealize Orchestrator | 8.x, 7.x | Affected | No | [VMSA-2021-0028.1 (vmware.com)](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | 12/12/2021 | | VMware | VMware Workspace ONE Access | 21.x, 20.10.x | Affected | No | [VMSA-2021-0028.1 (vmware.com)](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | 12/12/2021 | | VMware | VMware Workspace ONE Access Connector (VMware Identity Manager Connector) | 21.x, 20.10.x, 19.03.0.1 | Affected | No | [VMSA-2021-0028.1 (vmware.com)](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | 12/12/2021 | +| Vyaire | | | Not Affected | | [Vyaire Advisory Link](https://www.vyaire.com/sites/us/files/2021-12/2021-12-15-product-security-bulletin-for-log4shell-vulnerability.pdf) | | | 12/22/2021 | | WAGO | WAGO Smart Script | 4.2.x < 4.8.1.3 | Affected | Yes | [WAGO Website](https://www.wago.com/de/automatisierungstechnik/psirt#log4j) | | | 12/17/2021 | | Wallarm | | | | | [Lab Mitigation Update](https://lab.wallarm.com/cve-2021-44228-mitigation-update/) | | | | | Wasp Barcode technologies | | | | | [Waspbarcode Assetcloud Inventorycloud](https://support.waspbarcode.com/kb/articles/assetcloud-inventorycloud-are-they-affected-by-the-java-exploit-log4j-no) | | | | | WatchGuard | Secplicity | | | | [Secplicity Critical RCE](https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/) | | | | | Western Digital | | | | | [Westerndigital Product Security](https://www.westerndigital.com/support/product-security/wdc-21016-apache-log4j-2-remote-code-execution-vulnerability-analysis) | | | | +| WIBU Systems | CodeMeter Keyring for TIA Portal | 1.30 and prior | Affected | Yes | [WIBU Systems Advisory Link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | Only the Password Manager is affected | | 12/22/2021 | +| WIBU Systems | CodeMeter Cloud Lite | 2.2 and prior | Affected | Yes | [WIBU Systems Advisory Link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | | | 12/22/2021 | | WindRiver | | | | | [Windriver Security Notice](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | | | WireShark | | | | | [Gitlab Wireshark](https://gitlab.com/wireshark/wireshark/-/issues/17783) | | | | | Wistia | | | | | [Wistia Incidents](https://status.wistia.com/incidents/jtg0dfl5l224) | | | | @@ -2485,8 +2532,25 @@ This list was initially populated using information from the following sources: | XPertDoc | | | | | [Xpertdoc](https://kb.xpertdoc.com/pages/viewpage.action?pageId=87622727) | | | | | XPLG | | | | | [XPLG Secure Log4j](https://www.xplg.com/log4j-vulnerability-exploit-log4shell-xplg-secure/) | | | | | XWIKI | | | | | [Xwiki CVE-2021-44228](https://forum.xwiki.org/t/log4j-cve-2021-44228-log4shell-zero-day-vulnerability/9557) | | | | +| Xylem | Aquatalk | | Affected | Pacthing complete | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 | +| Xylem | Avensor | | Affected | Pacthing complete | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 | +| Xylem | Sensus Analytics | | Affected | Pacthing complete | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 | +| Xylem | Sensus Automation Control Configuration change complete | | Affected | Pacthing complete | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 | +| Xylem | Sensus Cathodic Protection Mitigation in process Mitigation in process | | Affected | Mitigation in process | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 | +| Xylem | Sensus FieldLogic LogServer | | Affected | Patching complete | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 | +| Xylem | Sensus Lighting Control | | Affected | Pacthing complete | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 | +| Xylem | Sensus NetMetrics Configuration change complete | | Affected | Pacthing complete | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 | +| Xylem | Sensus RNI Saas | 4.7 through 4.10, 4.4 through 4.6, 4.2 | Affected | Pacthing complete | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 | +| Xylem | Sensus RNI On Prem | 4.7 through 4.10, 4.4 through 4.6, 4.2 | Affected | Mitigation in process | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 | +| Xylem | Sensus SCS | | Affected |Pacthing complete | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 | +| Xylem | Smart Irrigation | | Affected | Remediation in process | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 | +| Xylem | Water Loss Management (Visenti) | | Affected | Pacthing complete | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 | +| Xylem | Configuration change complete | | Affected | Pacthing complete | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 | +| Xylem | Xylem Cloud | | Affected | Pacthing complete | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 | +| Xylem | Xylem Edge Gateway (xGW) | | Affected | Pacthing complete | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 | | Yellowbrick | | | | | [YellowBrick Security Advisory Yellowbrick](https://support.yellowbrick.com/hc/en-us/articles/4412586575379-Security-Advisory-Yellowbrick-is-NOT-Affected-by-the-Log4Shell-Vulnerability) | | | | | YellowFin | | | | | [YellowFinbi Notice Critical Vulnerability in Log4j](https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2) | | | | +| YOKOGAWA | | | Under Investigation | | [YOKOGAWA Advisory Link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | 12/22/2021 | | YSoft SAFEQ | | | | | [Ysoft Safeq](https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf) | | | | | Zabbix | | | | | [Zabbix Log4j](https://blog.zabbix.com/zabbix-not-affected-by-the-log4j-exploit/17873/) | | | | | ZAMMAD | | | | | [Zammad Elasticsearch Users](https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256) | | | | From 638db2c6291e2a576d4f256822f930e47707595b Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 22 Dec 2021 13:23:30 -0500 Subject: [PATCH 11/11] Remove characters --- SOFTWARE-LIST.md | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 8fa5479..e646f9f 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2427,45 +2427,45 @@ This list was initially populated using information from the following sources: | Unimus | | | | | [Unimus Statement](https://forum.unimus.net/viewtopic.php?f=7&t=1390#top) | | | | | USSIGNAL MSP | | | | | [USSIGNAL MSP Statement](https://ussignal.com/blog/apache-log4j-vulnerability) | | | | | VArmour | | | | | [VArmour Statement](https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility) | | | | -| Varian | Acuity® | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | Acuity | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | | Varian | DITC | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | | Varian | ARIA Connect (Cloverleaf) | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | -| Varian | ARIA® oncology information system for Medical Oncology | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | -| Varian | XMediusFax® for ARIA® oncology information system for Medical Oncology | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | -| Varian | ARIA® oncology information system for Radiation Oncology | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | ARIA oncology information system for Medical Oncology | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | XMediusFax for ARIA oncology information system for Medical Oncology | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | ARIA oncology information system for Radiation Oncology | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | | Varian | ARIA eDOC | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | -| Varian | XMediusFax® for ARIA® oncology information system for Radiation Oncology | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | XMediusFax for ARIA oncology information system for Radiation Oncology | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | | Varian | ARIA Radiation Therapy Management System (RTM) | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | -| Varian | Bravos® Console | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | -| Varian | Clinac® | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | Bravos Console | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | Clinac | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | | Varian | Cloud Planner | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | | Varian | DoseLab | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | -| Varian | Eclipse™ treatment planning software | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | -| Varian | ePeerReview™ | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | Eclipse treatment planning software | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | ePeerReview | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | | Varian | Ethos | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | -| Varian | FullScale™ oncology IT solutions | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | -| Varian | Halcyon® system | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | FullScale oncology IT solutions | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | Halcyon system | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | | Varian | Identify | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | | Varian | Information Exchange Manager (IEM) | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | -| Varian | InSightive™ Analytics | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | InSightive Analytics | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | | Varian | Large Integrated Oncology Network (LION) | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | | Varian | ICAP | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | -| Varian | Mobius3D® platform | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | -| Varian | ProBeam® | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | Mobius3D platform | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | ProBeam | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | | Varian | Qumulate | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | | Varian | Real-time Position Management (RPM) | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | | Varian | Respiratory Gating for Scanners (RGSC) | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | -| Varian | SmartConnect® solution | All | Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | See Knowledge Article: 000038850 on MyVarian | | 12/22/2021 | -| Varian | SmartConnect® solution Policy Server | All | Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | See Knowledge Articles: 000038831 and 000038832 on MyVarian | | 12/22/2021 | +| Varian | SmartConnect solution | All | Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | See Knowledge Article: 000038850 on MyVarian | | 12/22/2021 | +| Varian | SmartConnect solution Policy Server | All | Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | See Knowledge Articles: 000038831 and 000038832 on MyVarian | | 12/22/2021 | | Varian | PaaS | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | -| Varian | TrueBeam® radiotherapy system | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | -| Varian | UNIQUE® system | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | TrueBeam radiotherapy system | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | UNIQUE system | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | | Varian | Varian Authentication and Identity Server (VAIS) | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | | Varian | Varian Managed Services Cloud | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | | Varian | Varian Mobile App | 2.0, 2.5 | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | | Varian | VariSeed | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | | Varian | Velocity | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | -| Varian | VitalBeam® radiotherapy system | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | +| Varian | VitalBeam radiotherapy system | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | | Varian | Vitesse | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 | | Varnish Software | | | | | [Varnish Software Security Notice](https://docs.varnish-software.com/security/CVE-2021-44228-45046/) | | | | | Varonis | | | | | [Varonis Notice](https://help.varonis.com/s/article/Apache-Log4j-Zero-Day-Vulnerability-CVE-2021-44228) | | | |