1
0
Fork 0
mirror of https://github.com/cisagov/log4j-affected-db.git synced 2024-11-23 00:50:48 +00:00

Merge branch 'develop' into google-cloud

This commit is contained in:
justmurphy 2021-12-22 13:48:12 -05:00 committed by GitHub
commit 8ba5867626
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 199 additions and 5 deletions

View file

@ -20,11 +20,13 @@ or imply their endorsement, recommendation, or favoring by CISA.
## Official CISA Guidance & Resources ## ## Official CISA Guidance & Resources ##
- [CISA Apache Log4j Vulnerability Guidance](https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance) - [CISA Apache Log4j Vulnerability Guidance](https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance)
- [ALERT (AA21-356A): Mitigating Log4Shell and Other Log4j-Related Vulnerabilities](https://www.cisa.gov/uscert/ncas/alerts/aa21-356a)
- [Emergency Directive 22-02 Mitigate Apache Log4j Vulnerability](https://www.cisa.gov/emergency-directive-22-02) - [Emergency Directive 22-02 Mitigate Apache Log4j Vulnerability](https://www.cisa.gov/emergency-directive-22-02)
- [Statement from CISA Director Easterly on “Log4j” Vulnerability](https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability). - [Statement from CISA Director Easterly on “Log4j” Vulnerability](https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability).
## CISA Current Activity Alerts ## ## CISA Current Activity Alerts ##
- [Mitigating Log4Shell and Other Log4j-Related Vulnerabilities](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/22/mitigating-log4shell-and-other-log4j-related-vulnerabilities)
- [CISA Issues ED 22-02 Directing Federal Agencies to Mitigate Apache Log4j Vulnerabilities](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/17/cisa-issues-ed-22-02-directing-federal-agencies-mitigate-apache) - [CISA Issues ED 22-02 Directing Federal Agencies to Mitigate Apache Log4j Vulnerabilities](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/17/cisa-issues-ed-22-02-directing-federal-agencies-mitigate-apache)
- [Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce) - [Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce)
- [CISA Creates Webpage for Apache Log4j Vulnerability CVE-2021-44228](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/13/cisa-creates-webpage-apache-log4j-vulnerability-cve-2021-44228) - [CISA Creates Webpage for Apache Log4j Vulnerability CVE-2021-44228](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/13/cisa-creates-webpage-apache-log4j-vulnerability-cve-2021-44228)

View file

@ -829,10 +829,14 @@ This list was initially populated using information from the following sources:
| Docusign | | | | | [Docusign Alert](https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability) | | | | | Docusign | | | | | [Docusign Alert](https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability) | | | |
| DrayTek | Vigor Routers, Access Points, Switches, VigorACS Central Management Software, MyVigor Platform | | Not Affected | | [DrayTek Statement](https://www.draytek.com/about/security-advisory/log4shell-vulnerability-(cve-2021-44228)/) | | | 12/15/2021 | | DrayTek | Vigor Routers, Access Points, Switches, VigorACS Central Management Software, MyVigor Platform | | Not Affected | | [DrayTek Statement](https://www.draytek.com/about/security-advisory/log4shell-vulnerability-(cve-2021-44228)/) | | | 12/15/2021 |
| DSpace | | | | | [DSpace Google Group](https://groups.google.com/g/dspace-community/c/Fa4VdjiiNyE) | | | | | DSpace | | | | | [DSpace Google Group](https://groups.google.com/g/dspace-community/c/Fa4VdjiiNyE) | | | |
| Dynatrace | Managed cluster nodes | | Not Affected | No | [Official Dynatrace Communication](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | 12/21/2021 | | Dynatrace | Managed cluster nodes | | Not Affected | No | [Official Dynatrace Communication](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | Please see Dynatrace Communication for details | | 12/21/2021 |
| Dynatrace | Managed cluster nodes | | Not Affected | No | [Official Dynatrace Communication](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | 12/21/2021 | | Dynatrace | SAAS | | Fixed | No | [Official Dynatrace Communication](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | 12/21/2021 |
| Dynatrace | Synthetic Activegates | | Fixed |Yes | [Official Dynatrace Communication](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | 12/21/2021 | | Dynatrace | FedRamp SAAS | | Fixed | No | [Official Dynatrace Communication](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | 12/21/2021 |
| Dynatrace | Synthetic Activegates | | Fixed | Yes | [Official Dynatrace Communication](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | 12/21/2021 | | Dynatrace | Synthetic public locations | | Fixed | No | [Official Dynatrace Communication](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | 12/21/2021 |
| Dynatrace | Synthetic Private ActiveGate | | Fixed | Yes | [Official Dynatrace Communication](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | Please see Dynatrace Communication for details | | 12/21/2021 |
| Dynatrace | ActiveGate | | Not Affected | No | [Official Dynatrace Communication](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | 12/21/2021 |
| Dynatrace | OneAgent | | Not Affected | No | [Official Dynatrace Communication](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | 12/21/2021 |
| Dynatrace | Dynatrace Extensions | | Fixed | Yes (See Notes) | [Official Dynatrace Communication](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | Please see Dynatrace Communication for details | | 12/21/2021 |
| EasyRedmine | | | | | [EasyRedmine News](https://www.easyredmine.com/news/easy-redmine-application-is-not-affected-by-the-vulnerability-cve-2021-44228) | | | | | EasyRedmine | | | | | [EasyRedmine News](https://www.easyredmine.com/news/easy-redmine-application-is-not-affected-by-the-vulnerability-cve-2021-44228) | | | |
| Eaton | Undisclosed | Undisclosed | Affected | | [Security Bulletin](https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Security-Bulletin%20log4j_CVE_2021_44228_v1.0_Legal-Approved.pdf) | Doesn't openly disclose what products are affected or not for quote 'security purposes'. Needs email registration. No workaround provided due to registration wall. | | | | Eaton | Undisclosed | Undisclosed | Affected | | [Security Bulletin](https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Security-Bulletin%20log4j_CVE_2021_44228_v1.0_Legal-Approved.pdf) | Doesn't openly disclose what products are affected or not for quote 'security purposes'. Needs email registration. No workaround provided due to registration wall. | | |
| EclecticIQ | | | | | [EclecticIQ Advisory](https://docs.eclecticiq.com/security-advisories/security-issues-and-mitigation-actions/eiq-2021-0016-2) | | | | | EclecticIQ | | | | | [EclecticIQ Advisory](https://docs.eclecticiq.com/security-advisories/security-issues-and-mitigation-actions/eiq-2021-0016-2) | | | |
@ -892,7 +896,91 @@ This list was initially populated using information from the following sources:
| Ellucian | Ellucian Ellucian Portal | | Not Affected | | [Ellucian Response on Apache Log4j Issue](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | 12/17/2021 | | Ellucian | Ellucian Ellucian Portal | | Not Affected | | [Ellucian Response on Apache Log4j Issue](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | 12/17/2021 |
| Ellucian | Ellucian Workflow | | Not Affected | | [Ellucian Response on Apache Log4j Issue](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | 12/17/2021 | | Ellucian | Ellucian Workflow | | Not Affected | | [Ellucian Response on Apache Log4j Issue](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | 12/17/2021 |
| Ellucian | Ellucian PowerCampus | | Not Affected | | [Ellucian Response on Apache Log4j Issue](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | 12/17/2021 | | Ellucian | Ellucian PowerCampus | | Not Affected | | [Ellucian Response on Apache Log4j Issue](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | 12/17/2021 |
| Emerson | | | | | [Emerson Cyber Security Notification](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | | | Emerson | K-Series Coriolis Transmitters | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Prolink Configuration Software | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Prolink Mobile Application & ProcessViz Software | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | 4732 Endeavor | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Vortex and Magmeter Transmitters | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | USM 3410 and 3810 Series Ultrasonic Transmitters | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Mark III Gas and Liquid USM | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Flarecheck FlowCheck Flowel & PWAM software | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | MPFM2600 & MPFM5726 | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | DHNC1 DHNC2 | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | WCM SWGM | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Fieldwatch and Service consoles | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | 5726 Transmitter | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Plantweb Advisor for Metrology and Metering Suite SDK | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020 | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD) | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle Monitor | | Not Affected | | [Emerson Security Notification MR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | K-Series Coriolis Transmitters | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Prolink Configuration Software | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Prolink Mobile Application & ProcessViz Software | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | 4732 Endeavor | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Vortex and Magmeter Transmitters | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | USM 3410 and 3810 Series Ultrasonic Transmitters | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Mark III Gas and Liquid USM | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Flarecheck FlowCheck Flowel & PWAM software | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | MPFM2600 & MPFM5726 | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | DHNC1 DHNC2 | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | WCM SWGM | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Fieldwatch and Service consoles | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | 5726 Transmitter | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Plantweb Advisor for Metrology and Metering Suite SDK | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020 | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD) | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle Monitor | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Incus Ultrasonic gas leak detector | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Flame Detection: 975UF & 975UR Infrared Flame Detectors 975HR Infrared Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Liquid Transmitters: 5081 1066 1056 1057 56 | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Combustion: OCX OXT 6888 CX1100 6888Xi | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Spectrex family Flame Detectors and Rosemount 975 flame detector | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | CT4400 QCL General Purpose Continuous Gas Analyzer | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | CT5400 QCL General Purpose Continuous Gas Analyzer | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | CT5100 QCL Field Housing Continuous Gas Analyzer | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | CT5800 QCL Flameproof Housing Continuous Gas Analyzer | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | CT4215 QCL Packaging Leak Detection System | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | CT2211 QCL Aerosol Microleak Detection System | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | CT4404 QCL pMDI Leak Detection Analyzer | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | CT4000 QCL Marine OEM Gas Analyzer | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | CT3000 QCL Automotive OEM Gas Analyzer | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | 3051 & 3051S Pressure transmitter families | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | 2051 Pressure Transmitter Family | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | 4088 Pressure Transmitter | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | 2088 Pressure Transmitter Family | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | 2090F/2090P Pressure Transmitters | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | 4600 Pressure Transmitter | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | 215 Pressure Sensor Module | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | 550 PT Pressure Transmitter | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | 326P Pressure Transmitter | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | 3144P Temperature Transmitter | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | 644 Temperature Transmitter | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | 848T Temperature Transmitter | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | 148 Temperature Transmitter | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | 248 Temperature Transmitter | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | 326T Temperature Transmitter | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | 327T Temperature Transmitter | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | 648 Temperature Transmitter | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | 4088 Upgrade Utility | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Engineering Assistant 5.x & 6.x | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | 248 Configuration Application | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Rosemount IO-Link Assistant | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Rosemount TankMaster and TankMaster Mobile | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Rosemount RadarMaster and RadarMaster Plus | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Rosemount Radar Configuration Tool | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Rosemount 2460 System Hub | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Rosemount 2410 Tank Hub | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Rosemount 3490 Controller | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Rosemount 2230 Graphical Field Display | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Rosemount 2240S Multi-input Temperature Transmitter | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Rosemount CMS/SCU 51/SCC | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Rosemount CMS/WSU 51/SWF 51 | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Rosemount CMS/IOU 61 | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Rosemount Level Transmitters (14xx 33xx 53xx 54xx 56xx) | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Rosemount Radar Level Gauges (Pro 39xx 59xx) | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Rosemount Tank Radar Gauges (TGUxx) | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Rosemount Level Detectors (21xx) | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| Emerson | Emerson Aperio software | | Not Affected | | [Emerson Security Notification EMR.RMT21003-2](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | 12/17/2021 |
| EnterpriseDT | | | | | [EnterpriseDT Statement](https://enterprisedt.com/blogs/announcements/enterprisedt-does-not-use-log4j/) | | | | | EnterpriseDT | | | | | [EnterpriseDT Statement](https://enterprisedt.com/blogs/announcements/enterprisedt-does-not-use-log4j/) | | | |
| ESET | | | | | [ESET Statement](https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability) | | | | | ESET | | | | | [ESET Statement](https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability) | | | |
| ESRI | ArcGIS Data Store | All | Fixed | Yes | [https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/](https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/) | Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions | | 12/17/2021 | | ESRI | ArcGIS Data Store | All | Fixed | Yes | [https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/](https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/) | Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions | | 12/17/2021 |
@ -1167,6 +1255,7 @@ This list was initially populated using information from the following sources:
| HelpSystems Clearswift | | | | | [HelpSystems Clearswift](https://community.helpsystems.com/kb-nav/kb-article/?id=37becc1c-255c-ec11-8f8f-6045bd006687) | | | | | HelpSystems Clearswift | | | | | [HelpSystems Clearswift](https://community.helpsystems.com/kb-nav/kb-article/?id=37becc1c-255c-ec11-8f8f-6045bd006687) | | | |
| Hexagon | | | | | [Hexagon Statement](https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2?language=en_US) | | | | | Hexagon | | | | | [Hexagon Statement](https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2?language=en_US) | | | |
| Hikvision | | | | | [Hikvision](https://video.xortec.de/media/pdf/87/e8/03/kw50_Update-for-Apache-Log4j2-Issue-Hikvision_official.pdf) | | | | | Hikvision | | | | | [Hikvision](https://video.xortec.de/media/pdf/87/e8/03/kw50_Update-for-Apache-Log4j2-Issue-Hikvision_official.pdf) | | | |
| Hitachi Energy | eSOMS | | Not Affected | | [Hitachi Energy](https://www.hitachienergy.com/offering/solutions/cybersecurity/alerts-and-notifications) | | | |
| Hitachi Vantara | | | | | [Hitachi Vantara](https://knowledge.hitachivantara.com/Support_Information/Hitachi_Vantara_Security_Advisories/CVE-2021-44228_-_Apache_Log4j2) | | | | | Hitachi Vantara | | | | | [Hitachi Vantara](https://knowledge.hitachivantara.com/Support_Information/Hitachi_Vantara_Security_Advisories/CVE-2021-44228_-_Apache_Log4j2) | | | |
| Honeywell | | | | | [Honeywell Statement](https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability) | | | | | Honeywell | | | | | [Honeywell Statement](https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability) | | | |
| HP | Teradici Cloud Access Controller | < v113 | Fixed | Yes | [Apache Log4j update for Teradici PCoIP Connection Manager, Teradici Cloud Access Connector, Teradici PCoIP License Server, Teradici Management Console, and Teradici EMSDK](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | 2021-12-17 | | HP | Teradici Cloud Access Controller | < v113 | Fixed | Yes | [Apache Log4j update for Teradici PCoIP Connection Manager, Teradici Cloud Access Connector, Teradici PCoIP License Server, Teradici Management Console, and Teradici EMSDK](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | 2021-12-17 |
@ -1917,6 +2006,9 @@ This list was initially populated using information from the following sources:
| Pexip | | | | | [Pexip Link](https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability) | | | | | Pexip | | | | | [Pexip Link](https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability) | | | |
| Phenix Id | | | | | [Phenix Id Support Link](https://support.phenixid.se/uncategorized/log4j-fix/) | | | | | Phenix Id | | | | | [Phenix Id Support Link](https://support.phenixid.se/uncategorized/log4j-fix/) | | | |
| Philips | Multiple products | | | | [Philips Security Advisory](https://www.philips.com/a-w/security/security-advisories.html) | | | | | Philips | Multiple products | | | | [Philips Security Advisory](https://www.philips.com/a-w/security/security-advisories.html) | | | |
| PHOENIX CONTACT | Physical products containing firmware | | Not Affected | | [PHOENIX CONTACT Advisory Link](https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf) | | | 12/22/2021 |
| PHOENIX CONTACT | Software Products | | Not Affected | | [PHOENIX CONTACT Advisory Link](https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf) | | | 12/22/2021 |
| PHOENIX CONTACT | Cloud Services | | Affected | | [PHOENIX CONTACT Advisory Link](https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf) | Partly affected. Remediations are being implemented. | | 12/22/2021 |
| Ping Identity | PingAccess | 4.0 <= version <= 6.3.2 | Affected | Yes | [Log4j2 vulnerability CVE-2021-44228](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | 2021-12-15 | | Ping Identity | PingAccess | 4.0 <= version <= 6.3.2 | Affected | Yes | [Log4j2 vulnerability CVE-2021-44228](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | 2021-12-15 |
| Ping Identity | PingCentral | | Affected | Yes | [Log4j2 vulnerability CVE-2021-44228](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | 2021-12-15 | | Ping Identity | PingCentral | | Affected | Yes | [Log4j2 vulnerability CVE-2021-44228](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | 2021-12-15 |
| Ping Identity | PingFederate | 8.0 <= version <= 10.3.4 | Affected | Yes | [Log4j2 vulnerability CVE-2021-44228](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | 2021-12-15 | | Ping Identity | PingFederate | 8.0 <= version <= 10.3.4 | Affected | Yes | [Log4j2 vulnerability CVE-2021-44228](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | 2021-12-15 |
@ -2087,6 +2179,7 @@ This list was initially populated using information from the following sources:
| Salesforce | ClickSoftware (On-Premise) | | Unknown | | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Please contact Customer Support." | | 12/15/2021 | | Salesforce | ClickSoftware (On-Premise) | | Unknown | | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Please contact Customer Support." | | 12/15/2021 |
| Salesforce | Community Cloud | | Affected | | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Community Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | 12/15/2021 | | Salesforce | Community Cloud | | Affected | | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Community Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | 12/15/2021 |
| Salesforce | Data.com | | Affected | | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Data.com is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228." | | 12/15/2021 | | Salesforce | Data.com | | Affected | | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Data.com is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228." | | 12/15/2021 |
| Salesforce | DataLoader | <=53.0.0 | Fixed | | [Vendor Link](https://github.com/forcedotcom/dataloader/releases/tag/v53.0.1) | | | 12/22/2021 |
| Salesforce | Datorama | | Affected | | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1)| "Datorama is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228." | | 12/15/2021 | | Salesforce | Datorama | | Affected | | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1)| "Datorama is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228." | | 12/15/2021 |
| Salesforce | Evergage (Interaction Studio) | | Affected | | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Evergage (Interaction Studio) is reported to be affected by CVE-2021-44228. Services have been updated to mitigate the issues identified in CVE-2021-44228 and we are executing our final validation steps." | | 12/15/2021 | | Salesforce | Evergage (Interaction Studio) | | Affected | | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Evergage (Interaction Studio) is reported to be affected by CVE-2021-44228. Services have been updated to mitigate the issues identified in CVE-2021-44228 and we are executing our final validation steps." | | 12/15/2021 |
| Salesforce | Force.com | | Affected | | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Force.com is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | 12/15/2021 | | Salesforce | Force.com | | Affected | | [Salesforce Statement](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Force.com is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | 12/15/2021 |
@ -2226,6 +2319,40 @@ This list was initially populated using information from the following sources:
| Siemens | VeSys | All Versions >=2019.1 SP1912 only if Teamcenter integration feature is used |Affected | No|[Siemens Advisory - SSA-661257: Apache Log4j Vulnerabilities](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf)| Currently no remediation is available. Find detailed mitigation steps [here](https://support.sw.siemens.com/en-US/knowledgebase/MG618363). See further recommendations from [Siemens Advisory SSA-661257](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf)| |12/18/2021 | | Siemens | VeSys | All Versions >=2019.1 SP1912 only if Teamcenter integration feature is used |Affected | No|[Siemens Advisory - SSA-661257: Apache Log4j Vulnerabilities](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf)| Currently no remediation is available. Find detailed mitigation steps [here](https://support.sw.siemens.com/en-US/knowledgebase/MG618363). See further recommendations from [Siemens Advisory SSA-661257](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf)| |12/18/2021 |
| Siemens | Xpedition Enterprise | All Versions >=VX.2.6 | Affected | No| [Siemens Advisory - SSA-661257: Apache Log4j Vulnerabilities](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) |Currently no remediation is available. Find detailed mitigation steps [here](https://support.sw.siemens.com/en-US/knowledge-base/MG618343). See further recommendations from [Siemens Advisory SSA-661257](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | 12/18/2021 | | Siemens | Xpedition Enterprise | All Versions >=VX.2.6 | Affected | No| [Siemens Advisory - SSA-661257: Apache Log4j Vulnerabilities](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) |Currently no remediation is available. Find detailed mitigation steps [here](https://support.sw.siemens.com/en-US/knowledge-base/MG618343). See further recommendations from [Siemens Advisory SSA-661257](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | | 12/18/2021 |
| Siemens | Xpedition IC Packaging | All Versions >=VX.2.6 | Affected | No| [Siemens Advisory - SSA-661257: Apache Log4j Vulnerabilities](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) |Currently no remediation is available. Find detailed mitigation steps [here](https://support.sw.siemens.com/en-US/knowledge-base/MG618343). See further recommendations from [Siemens Advisory SSA-661257](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf).| |12/18/2021 | | Siemens | Xpedition IC Packaging | All Versions >=VX.2.6 | Affected | No| [Siemens Advisory - SSA-661257: Apache Log4j Vulnerabilities](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) |Currently no remediation is available. Find detailed mitigation steps [here](https://support.sw.siemens.com/en-US/knowledge-base/MG618343). See further recommendations from [Siemens Advisory SSA-661257](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf).| |12/18/2021 |
| Siemens Healthineers | ATELLICA DATA MANAGER v1.1.1 / v1.2.1 / v1.3.1 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | If you have determined that your Atellica Data Manager has a “Java communication engine” service, and you require an immediate mitigation, then please contact your Siemens Customer Care Center or your local Siemens technical support representative. | | 12/22/2021 |
| Siemens Healthineers | CENTRALINK v16.0.2 / v16.0.3 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | If you have determined that your CentraLink has a “Java communication engine” service, and you require a mitigation, then please contact your Siemens Customer Care Center or your local Siemens technical support representative. | | 12/22/2021 |
| Siemens Healthineers | DICOM Proxy VB10A | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: remove the vulnerable class from the .jar file | | 12/22/2021 |
| Siemens Healthineers | Somatom Scope Som5 VC50 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | evaluation ongoing | | 12/22/2021 |
| Siemens Healthineers | Somatom Emotion Som5 VC50 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | evaluation ongoing | | 12/22/2021 |
| Siemens Healthineers | go.All, Som10 VA20 / VA30 / VA40 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | 12/22/2021 |
| Siemens Healthineers | go.Fit, Som10 VA30 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | 12/22/2021 |
| Siemens Healthineers | go.Now, Som10 VA10 / VA20 / VA30 / VA40 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | 12/22/2021 |
| Siemens Healthineers | go.Open Pro, Som10 VA30 / VA40 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | 12/22/2021 |
| Siemens Healthineers | go.Sim, Som10 VA30 / VA40 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | 12/22/2021 |
| Siemens Healthineers | go.Top, Som10 VA20 / VA20A_SP5 / VA30 / VA40 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | 12/22/2021 |
| Siemens Healthineers | go.Up, Som10 VA10 / VA20 / VA30 / VA40 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | 12/22/2021 |
| Siemens Healthineers | MAGNETOM AERA 1,5T, MAGNETOM PRISMA, MAGNETOM PRISMA FIT, MAGNETOM SKYRA 3T NUMARIS/X VA30A | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | | 12/22/2021 |
| Siemens Healthineers | MAGNETOM Altea NUMARIS/X VA20A | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | | 12/22/2021 |
| Siemens Healthineers | MAGNETOM ALTEA, MAGNETOM LUMINA, MAGNETOM SOLA, MAGNETOM VIDA NUMARIS/X VA31A | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | | 12/22/2021 |
| Siemens Healthineers | MAGNETOM Amira NUMARIS/X VA12M | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | | 12/22/2021 |
| Siemens Healthineers | MAGNETOM Free.Max NUMARIS/X VA40 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | | 12/22/2021 |
| Siemens Healthineers | MAGNETOM Lumina NUMARIS/X VA20A | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | | 12/22/2021 |
| Siemens Healthineers | MAGNETOM Sempra NUMARIS/X VA12M | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | | 12/22/2021 |
| Siemens Healthineers | MAGNETOM Sola fit NUMARIS/X VA20A | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | | 12/22/2021 |
| Siemens Healthineers | MAGNETOM Sola NUMARIS/X VA20A | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | | 12/22/2021 |
| Siemens Healthineers | MAGNETOM Vida fit NUMARIS/X VA20A | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | | 12/22/2021 |
| Siemens Healthineers | MAGNETOM Vida NUMARIS/X VA10A* / VA20A | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for "need to access" systems to network port 8090 in case a second console is connected. | | 12/22/2021 |
| Siemens Healthineers | Syngo Carbon Space VA10A / VA10A-CUT2 / VA20A | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: remove the vulnerable class from the .jar file | | 12/22/2021 |
| Siemens Healthineers | Syngo MobileViewer VA10A | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | The vulnerability will be patch/mitigated in upcoming releases\patches. | | 12/22/2021 |
| Siemens Healthineers | syngo Plaza VB20A / VB20A_HF01 - HF07 / VB30A / VB30A_HF01 / VB30A_HF02 / VB30B / VB30C / VB30C_HF01 - HF06 / VB30C_HF91 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: remove the vulnerable class from the .jar file | | 12/22/2021 |
| Siemens Healthineers | syngo Workflow MLR VB37A / VB37A_HF01 / VB37A_HF02 / VB37B / VB37B_HF01 - HF07 / VB37B_HF93 / VB37B_HF94 / VB37B_HF96 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Please contact your Customer Service to get support on mitigating the vulnerability. | | 12/22/2021 |
| Siemens Healthineers | syngo.via VB20A / VB20A_HF01 - HF08 / VB20A_HF91 / VB20B / VB30A / VB30A_HF01 - VB30A_HF08 / VB30A_HF91VB30B / VB30B_HF01 / VB40A / VB40A_HF01 - HF02 /VB40B / VB40B_HF01 - HF05 / VB50A / VB50A_CUT / VB50A_D4VB50B / VB50B_HF01 - HF03 / VB60A / VB60A_CUT / VB60A_D4 / VB60A_HF01 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: remove the vulnerable class from the .jar file | | 12/22/2021 |
| Siemens Healthineers | SENSIS DMCC / DMCM / TS / VM / PPWS / DS VD12A | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | evaluation ongoing | | 12/22/2021 |
| Siemens Healthineers | Cios Select FD/I.I. VA21 / VA21-S3P | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | evaluation ongoing | | 12/22/2021 |
| Siemens Healthineers | Cios Flow S1 / Alpha / Spin VA30 | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | evaluation ongoing | | 12/22/2021 |
| Siemens Healthineers | syngo.via WebViewer VA13B / VA20A / VA20B | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: remove the vulnerable class from the .jar file | | 12/22/2021 |
| Siemens Healthineers | X.Ceed Somaris 10 VA40* | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | 12/22/2021 |
| Siemens Healthineers | X.Cite Somaris 10 VA30*/VA40* | | Affected | See Notes | [Siemens Healthineers](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | 12/22/2021 |
| Sierra Wireless | | | | | [Sierra Wireless Security Bulletin](https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/) | | | | | Sierra Wireless | | | | | [Sierra Wireless Security Bulletin](https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/) | | | |
| Signald | | | | | [Signald Gitlab](https://gitlab.com/signald/signald/-/issues/259) | | | | | Signald | | | | | [Signald Gitlab](https://gitlab.com/signald/signald/-/issues/259) | | | |
| Silver Peak | Orchestrator, Silver Peak GMS | | Affected | No | [Security Advisory Notice Apache](https://www.arubanetworks.com/website/techdocs/sdwan/docs/advisories/media/security_advisory_notice_apache_log4j2_cve_2021_44228.pdf) | Customer managed Orchestrator and legacy GMS products are affected by this vulnerability. This includes on-premise and customer managed instances running in public cloud services such as AWS, Azure, Google, or Oracle Cloud. See Corrective Action Required for details about how to mitigate this exploit. | | 12/14/2021 | | Silver Peak | Orchestrator, Silver Peak GMS | | Affected | No | [Security Advisory Notice Apache](https://www.arubanetworks.com/website/techdocs/sdwan/docs/advisories/media/security_advisory_notice_apache_log4j2_cve_2021_44228.pdf) | Customer managed Orchestrator and legacy GMS products are affected by this vulnerability. This includes on-premise and customer managed instances running in public cloud services such as AWS, Azure, Google, or Oracle Cloud. See Corrective Action Required for details about how to mitigate this exploit. | | 12/14/2021 |
@ -2390,6 +2517,11 @@ This list was initially populated using information from the following sources:
| Thales | Sentinel Professional Services components (both Thales hosted & hosted on-premises by customers) | | Affected | | [Thales Support](https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297) | | | 12/17/2021 | | Thales | Sentinel Professional Services components (both Thales hosted & hosted on-premises by customers) | | Affected | | [Thales Support](https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297) | | | 12/17/2021 |
| Thales | Sentinel SCL | | Affected | | [Thales Support](https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297) | | | 12/17/2021 | | Thales | Sentinel SCL | | Affected | | [Thales Support](https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297) | | | 12/17/2021 |
| Thales | Thales Data Platform (TDP)(DDC) | | Affected | | [Thales Support](https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297) | | | 12/17/2021 | | Thales | Thales Data Platform (TDP)(DDC) | | Affected | | [Thales Support](https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=12acaed3dbd841105d310573f3961953&sysparm_article=KB0025297) | | | 12/17/2021 |
| Thermo-Calc | Thermo-Calc | 2022a | Not Affected | | [Thermo-Calc Advisory Link](https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/) | Use the program as normal, Install the 2022a patch when available | | 12/22/2021 |
| Thermo-Calc | Thermo-Calc | 2021b | Not Affected | | [Thermo-Calc Advisory Link](https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/) | Use the program as normal | | 12/22/2021 |
| Thermo-Calc | Thermo-Calc | 2018b to 2021a | Not Affected | | [Thermo-Calc Advisory Link](https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/) | Use the program as normal, delete the Log4j 2 files in the program installation if required, see advisory for instructions. | | 12/22/2021 |
| Thermo-Calc | Thermo-Calc | 2018a and earlier | Not Affected | | [Thermo-Calc Advisory Link](https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/) | Use the program as normal | | 12/22/2021 |
| Thermo Fisher Scientific | | | Unknown | | [Thermo Fisher Scientific Advisory Link](https://corporate.thermofisher.com/us/en/index/about/information-security/Protecting-Our-Products.html) | | | 12/22/2021 |
| Thomson Reuters | HighQ Appliance | <3.5 | Affected | Yes | [https://highqsolutions.zendesk.com](https://highqsolutions.zendesk.com) | Reported by vendor - Documentation is in vendor's client portal (login required). This advisory is available to customer only and has not been reviewed by CISA. | | 12/20/2021 | | Thomson Reuters | HighQ Appliance | <3.5 | Affected | Yes | [https://highqsolutions.zendesk.com](https://highqsolutions.zendesk.com) | Reported by vendor - Documentation is in vendor's client portal (login required). This advisory is available to customer only and has not been reviewed by CISA. | | 12/20/2021 |
| ThreatLocker | | | | | [ThreatLocker Log4j Statement](https://threatlocker.kb.help/log4j-vulnerability/) | | | | | ThreatLocker | | | | | [ThreatLocker Log4j Statement](https://threatlocker.kb.help/log4j-vulnerability/) | | | |
| ThycoticCentrify | Secret Server | N/A | Not Affected | | [ThycoticCentrify Products NOT Affected by CVE-2021-44228 Exploit](https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md) | | | 12/10/15 | | ThycoticCentrify | Secret Server | N/A | Not Affected | | [ThycoticCentrify Products NOT Affected by CVE-2021-44228 Exploit](https://docs.thycotic.com/bulletins/current/2021/cve-2021-44228-exploit.md) | | | 12/10/15 |
@ -2422,6 +2554,46 @@ This list was initially populated using information from the following sources:
| Unimus | | | | | [Unimus Statement](https://forum.unimus.net/viewtopic.php?f=7&t=1390#top) | | | | | Unimus | | | | | [Unimus Statement](https://forum.unimus.net/viewtopic.php?f=7&t=1390#top) | | | |
| USSIGNAL MSP | | | | | [USSIGNAL MSP Statement](https://ussignal.com/blog/apache-log4j-vulnerability) | | | | | USSIGNAL MSP | | | | | [USSIGNAL MSP Statement](https://ussignal.com/blog/apache-log4j-vulnerability) | | | |
| VArmour | | | | | [VArmour Statement](https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility) | | | | | VArmour | | | | | [VArmour Statement](https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility) | | | |
| Varian | Acuity | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | DITC | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | ARIA Connect (Cloverleaf) | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | ARIA oncology information system for Medical Oncology | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | XMediusFax for ARIA oncology information system for Medical Oncology | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | ARIA oncology information system for Radiation Oncology | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | ARIA eDOC | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | XMediusFax for ARIA oncology information system for Radiation Oncology | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | ARIA Radiation Therapy Management System (RTM) | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | Bravos Console | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | Clinac | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | Cloud Planner | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | DoseLab | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | Eclipse treatment planning software | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | ePeerReview | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | Ethos | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | FullScale oncology IT solutions | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | Halcyon system | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | Identify | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | Information Exchange Manager (IEM) | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | InSightive Analytics | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | Large Integrated Oncology Network (LION) | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | ICAP | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | Mobius3D platform | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | ProBeam | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | Qumulate | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | Real-time Position Management (RPM) | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | Respiratory Gating for Scanners (RGSC) | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | SmartConnect solution | All | Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | See Knowledge Article: 000038850 on MyVarian | | 12/22/2021 |
| Varian | SmartConnect solution Policy Server | All | Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | See Knowledge Articles: 000038831 and 000038832 on MyVarian | | 12/22/2021 |
| Varian | PaaS | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | TrueBeam radiotherapy system | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | UNIQUE system | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | Varian Authentication and Identity Server (VAIS) | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | Varian Managed Services Cloud | All | Under Investigation | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | Varian Mobile App | 2.0, 2.5 | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | VariSeed | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | Velocity | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | VitalBeam radiotherapy system | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varian | Vitesse | All | Not Affected | | [Varian Advisory Link](https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities) | | | 12/22/2021 |
| Varnish Software | | | | | [Varnish Software Security Notice](https://docs.varnish-software.com/security/CVE-2021-44228-45046/) | | | | | Varnish Software | | | | | [Varnish Software Security Notice](https://docs.varnish-software.com/security/CVE-2021-44228-45046/) | | | |
| Varonis | | | | | [Varonis Notice](https://help.varonis.com/s/article/Apache-Log4j-Zero-Day-Vulnerability-CVE-2021-44228) | | | | | Varonis | | | | | [Varonis Notice](https://help.varonis.com/s/article/Apache-Log4j-Zero-Day-Vulnerability-CVE-2021-44228) | | | |
| Veeam | | | | | [Veeam Statement](https://www.veeam.com/kb4254) | | | | | Veeam | | | | | [Veeam Statement](https://www.veeam.com/kb4254) | | | |
@ -2466,11 +2638,14 @@ This list was initially populated using information from the following sources:
| VMware | VMware vRealize Orchestrator | 8.x, 7.x | Affected | No | [VMSA-2021-0028.1 (vmware.com)](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | 12/12/2021 | | VMware | VMware vRealize Orchestrator | 8.x, 7.x | Affected | No | [VMSA-2021-0028.1 (vmware.com)](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | 12/12/2021 |
| VMware | VMware Workspace ONE Access | 21.x, 20.10.x | Affected | No | [VMSA-2021-0028.1 (vmware.com)](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | 12/12/2021 | | VMware | VMware Workspace ONE Access | 21.x, 20.10.x | Affected | No | [VMSA-2021-0028.1 (vmware.com)](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | 12/12/2021 |
| VMware | VMware Workspace ONE Access Connector (VMware Identity Manager Connector) | 21.x, 20.10.x, 19.03.0.1 | Affected | No | [VMSA-2021-0028.1 (vmware.com)](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | 12/12/2021 | | VMware | VMware Workspace ONE Access Connector (VMware Identity Manager Connector) | 21.x, 20.10.x, 19.03.0.1 | Affected | No | [VMSA-2021-0028.1 (vmware.com)](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | 12/12/2021 |
| Vyaire | | | Not Affected | | [Vyaire Advisory Link](https://www.vyaire.com/sites/us/files/2021-12/2021-12-15-product-security-bulletin-for-log4shell-vulnerability.pdf) | | | 12/22/2021 |
| WAGO | WAGO Smart Script | 4.2.x < 4.8.1.3 | Affected | Yes | [WAGO Website](https://www.wago.com/de/automatisierungstechnik/psirt#log4j) | | | 12/17/2021 | | WAGO | WAGO Smart Script | 4.2.x < 4.8.1.3 | Affected | Yes | [WAGO Website](https://www.wago.com/de/automatisierungstechnik/psirt#log4j) | | | 12/17/2021 |
| Wallarm | | | | | [Lab Mitigation Update](https://lab.wallarm.com/cve-2021-44228-mitigation-update/) | | | | | Wallarm | | | | | [Lab Mitigation Update](https://lab.wallarm.com/cve-2021-44228-mitigation-update/) | | | |
| Wasp Barcode technologies | | | | | [Waspbarcode Assetcloud Inventorycloud](https://support.waspbarcode.com/kb/articles/assetcloud-inventorycloud-are-they-affected-by-the-java-exploit-log4j-no) | | | | | Wasp Barcode technologies | | | | | [Waspbarcode Assetcloud Inventorycloud](https://support.waspbarcode.com/kb/articles/assetcloud-inventorycloud-are-they-affected-by-the-java-exploit-log4j-no) | | | |
| WatchGuard | Secplicity | | | | [Secplicity Critical RCE](https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/) | | | | | WatchGuard | Secplicity | | | | [Secplicity Critical RCE](https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/) | | | |
| Western Digital | | | | | [Westerndigital Product Security](https://www.westerndigital.com/support/product-security/wdc-21016-apache-log4j-2-remote-code-execution-vulnerability-analysis) | | | | | Western Digital | | | | | [Westerndigital Product Security](https://www.westerndigital.com/support/product-security/wdc-21016-apache-log4j-2-remote-code-execution-vulnerability-analysis) | | | |
| WIBU Systems | CodeMeter Keyring for TIA Portal | 1.30 and prior | Affected | Yes | [WIBU Systems Advisory Link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | Only the Password Manager is affected | | 12/22/2021 |
| WIBU Systems | CodeMeter Cloud Lite | 2.2 and prior | Affected | Yes | [WIBU Systems Advisory Link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | | | 12/22/2021 |
| WindRiver | | | | | [Windriver Security Notice](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | | | WindRiver | | | | | [Windriver Security Notice](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | |
| WireShark | | | | | [Gitlab Wireshark](https://gitlab.com/wireshark/wireshark/-/issues/17783) | | | | | WireShark | | | | | [Gitlab Wireshark](https://gitlab.com/wireshark/wireshark/-/issues/17783) | | | |
| Wistia | | | | | [Wistia Incidents](https://status.wistia.com/incidents/jtg0dfl5l224) | | | | | Wistia | | | | | [Wistia Incidents](https://status.wistia.com/incidents/jtg0dfl5l224) | | | |
@ -2484,8 +2659,25 @@ This list was initially populated using information from the following sources:
| XPertDoc | | | | | [Xpertdoc](https://kb.xpertdoc.com/pages/viewpage.action?pageId=87622727) | | | | | XPertDoc | | | | | [Xpertdoc](https://kb.xpertdoc.com/pages/viewpage.action?pageId=87622727) | | | |
| XPLG | | | | | [XPLG Secure Log4j](https://www.xplg.com/log4j-vulnerability-exploit-log4shell-xplg-secure/) | | | | | XPLG | | | | | [XPLG Secure Log4j](https://www.xplg.com/log4j-vulnerability-exploit-log4shell-xplg-secure/) | | | |
| XWIKI | | | | | [Xwiki CVE-2021-44228](https://forum.xwiki.org/t/log4j-cve-2021-44228-log4shell-zero-day-vulnerability/9557) | | | | | XWIKI | | | | | [Xwiki CVE-2021-44228](https://forum.xwiki.org/t/log4j-cve-2021-44228-log4shell-zero-day-vulnerability/9557) | | | |
| Xylem | Aquatalk | | Affected | Pacthing complete | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 |
| Xylem | Avensor | | Affected | Pacthing complete | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 |
| Xylem | Sensus Analytics | | Affected | Pacthing complete | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 |
| Xylem | Sensus Automation Control Configuration change complete | | Affected | Pacthing complete | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 |
| Xylem | Sensus Cathodic Protection Mitigation in process Mitigation in process | | Affected | Mitigation in process | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 |
| Xylem | Sensus FieldLogic LogServer | | Affected | Patching complete | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 |
| Xylem | Sensus Lighting Control | | Affected | Pacthing complete | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 |
| Xylem | Sensus NetMetrics Configuration change complete | | Affected | Pacthing complete | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 |
| Xylem | Sensus RNI Saas | 4.7 through 4.10, 4.4 through 4.6, 4.2 | Affected | Pacthing complete | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 |
| Xylem | Sensus RNI On Prem | 4.7 through 4.10, 4.4 through 4.6, 4.2 | Affected | Mitigation in process | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 |
| Xylem | Sensus SCS | | Affected |Pacthing complete | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 |
| Xylem | Smart Irrigation | | Affected | Remediation in process | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 |
| Xylem | Water Loss Management (Visenti) | | Affected | Pacthing complete | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 |
| Xylem | Configuration change complete | | Affected | Pacthing complete | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 |
| Xylem | Xylem Cloud | | Affected | Pacthing complete | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 |
| Xylem | Xylem Edge Gateway (xGW) | | Affected | Pacthing complete | [Xylem Advisory Link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | 12/22/2021 |
| Yellowbrick | | | | | [YellowBrick Security Advisory Yellowbrick](https://support.yellowbrick.com/hc/en-us/articles/4412586575379-Security-Advisory-Yellowbrick-is-NOT-Affected-by-the-Log4Shell-Vulnerability) | | | | | Yellowbrick | | | | | [YellowBrick Security Advisory Yellowbrick](https://support.yellowbrick.com/hc/en-us/articles/4412586575379-Security-Advisory-Yellowbrick-is-NOT-Affected-by-the-Log4Shell-Vulnerability) | | | |
| YellowFin | | | | | [YellowFinbi Notice Critical Vulnerability in Log4j](https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2) | | | | | YellowFin | | | | | [YellowFinbi Notice Critical Vulnerability in Log4j](https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2) | | | |
| YOKOGAWA | | | Under Investigation | | [YOKOGAWA Advisory Link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | 12/22/2021 |
| YSoft SAFEQ | | | | | [Ysoft Safeq](https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf) | | | | | YSoft SAFEQ | | | | | [Ysoft Safeq](https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf) | | | |
| Zabbix | | | | | [Zabbix Log4j](https://blog.zabbix.com/zabbix-not-affected-by-the-log4j-exploit/17873/) | | | | | Zabbix | | | | | [Zabbix Log4j](https://blog.zabbix.com/zabbix-not-affected-by-the-log4j-exploit/17873/) | | | |
| ZAMMAD | | | | | [Zammad Elasticsearch Users](https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256) | | | | | ZAMMAD | | | | | [Zammad Elasticsearch Users](https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256) | | | |