Add Abbott and Accellence Tech products

2 years ago · bcdeb389e1
parent cd4e23ff35
commit bcdeb389e1
1 changed files with 73 additions and 36 deletions
--- a/data/cisagov_A.yml
+++ b/data/cisagov_A.yml
@ -5,7 +5,7 @@ owners:
    url: https://github.com/cisagov/log4j-affected-db
 software:
  - vendor: ABB
-    product: ''
+    product: AlarmInsight Cloud
    cves:
      cve-2021-4104:
        investigated: false
@ -13,10 +13,11 @@ software:
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - ''
      cve-2021-45046:
        investigated: false
        affected_versions: []
@ -28,13 +29,13 @@ software:
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
-      - https://search.abb.com/library/Download.aspx?DocumentID=9ADB012621&LanguageCode=en&DocumentPartId=&Action=Launch
+      - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:50+00:00'
  - vendor: ABB
-    product: ABB Remote Service
+    product: B&R Products
    cves:
      cve-2021-4104:
        investigated: false
@ -43,10 +44,10 @@ software:
        unaffected_versions: []
      cve-2021-44228:
        investigated: true
-        affected_versions:
+        affected_versions: []
          - ABB Remote Platform (RAP)
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - ''
      cve-2021-45046:
        investigated: false
        affected_versions: []
@ -57,13 +58,14 @@ software:
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
-    vendor_links: []
+    vendor_links:
      - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:50+00:00'
  - vendor: ABB
-    product: AlarmInsight Cloud
+    product: Remote Service
    cves:
      cve-2021-4104:
        investigated: false
@ -71,10 +73,10 @@ software:
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
-        investigated: false
+        investigated: true
-        affected_versions:
+        affected_versions: []
-          - AlarmInsight KPI Dashboards 1.0.0
+        fixed_versions:
-        fixed_versions: []
+          - ''
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
@ -86,13 +88,14 @@ software:
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
-    vendor_links: []
+    vendor_links:
      - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt
    notes: ''
    references:
      - ''
    last_updated: '2022-01-12T07:18:50+00:00'
-  - vendor: ABB
+  - vendor: Abbott
-    product: B&R Products
+    product: All
    cves:
      cve-2021-4104:
        investigated: false
@ -101,8 +104,7 @@ software:
        unaffected_versions: []
      cve-2021-44228:
        investigated: false
-        affected_versions:
+        affected_versions: []
          - See Vendor Advisory
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
@ -116,13 +118,13 @@ software:
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
-      - https://www.br-automation.com/downloads_br_productcatalogue/assets/1639507581859-en-original-1.0.pdf
+      - https://www.abbott.com/policies/cybersecurity/apache-Log4j.html
-    notes: ''
+    notes: Details are shared with customers with an active RAP subscription.
    references:
      - ''
-    last_updated: '2022-01-12T07:18:50+00:00'
+    last_updated: '2021-12-15T00:00:00'
  - vendor: Abbott
-    product: ''
+    product: GLP Track System
    cves:
      cve-2021-4104:
        investigated: false
@ -130,8 +132,10 @@ software:
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
-        investigated: false
+        investigated: true
-        affected_versions: []
+        affected_versions:
          - 'Track Sample Manager (TSM)'
          - 'Track Workflow Manager (TWM)'
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
@ -146,12 +150,12 @@ software:
        unaffected_versions: []
    vendor_links:
      - https://www.abbott.com/policies/cybersecurity/apache-Log4j.html
-    notes: ''
+    notes: Abbott will provide a fix for this in a future update expected in January 2022.
    references:
      - ''
    last_updated: '2021-12-15T00:00:00'
  - vendor: Abnormal Security
-    product: Abnormal Security
+    product: All
    cves:
      cve-2021-4104:
        investigated: false
@ -159,10 +163,11 @@ software:
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
          - ''
      cve-2021-45046:
        investigated: false
        affected_versions: []
@ -179,8 +184,8 @@ software:
    references:
      - ''
    last_updated: '2022-01-12T07:18:50+00:00'
-  - vendor: Accellence
+  - vendor: Accellence Technologies
-    product: ''
+    product: EBÜS
    cves:
      cve-2021-4104:
        investigated: false
@ -188,10 +193,42 @@ software:
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: true
        affected_versions: []
        fixed_versions:
          - 'All'
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45105:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
      - https://www.accellence.de/en/articles/cve-2021-44228-62
    notes: EBÜS itself is not vulnerable to CVE-2021-44228. Although
      it includes several 3rd-partie software setups, which may be affected.	
    references:
      - ''
    last_updated: '2022-01-12T07:18:50+00:00'
  - vendor: Accellence Technologies
    product: Vimacc
    cves:
      cve-2021-4104:
        investigated: false
        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
        investigated: true
        affected_versions: []
        fixed_versions: []
        unaffected_versions:
          - ''
      cve-2021-45046:
        investigated: false
        affected_versions: []
@ -203,7 +240,7 @@ software:
        fixed_versions: []
        unaffected_versions: []
    vendor_links:
-      - https://www.accellence.de/en/articles/national-vulnerability-database-62
+      - https://www.accellence.de/en/articles/cve-2021-44228-62
    notes: ''
    references:
      - ''
@ -220,7 +257,7 @@ software:
        investigated: true
        affected_versions: []
        fixed_versions:
-          - v7.6 release
+          - 'v7.6 release'
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
@ -234,12 +271,12 @@ software:
        unaffected_versions: []
    vendor_links:
      - https://www.kiteworks.com/kiteworks-news/log4shell-apache-vulnerability-what-kiteworks-customers-need-to-know/
-    notes: '"As a precaution, Kiteworks released a 7.6.1 Hotfix software update to
+    notes: As a precaution, Kiteworks released a 7.6.1 Hotfix software update to
      address the vulnerability. This patch release adds the mitigation for CVE-2021-44228
      contained in the Solr package as recommended by Apache Solr group. Specifically,
      it updates the Log4j library to a non-vulnerable version on CentOS 7 systems
-      as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true”
+      as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true"
-      to disable the possible attack vector on both CentOS 6 and CentOS 7."'
+      to disable the possible attack vector on both CentOS 6 and CentOS 7.
    references:
      - ''
    last_updated: '2021-12-16T00:00:00'