From 9e51b441a0a3c2a3caa5568b8e6d68afd4bae868 Mon Sep 17 00:00:00 2001 From: David Zomaya Date: Tue, 4 Jan 2022 13:55:38 -0600 Subject: [PATCH 1/4] Adding details for Tripp Lite UPS/PDU/cooler network cards and associated software based on official KB article from tripplite.com --- SOFTWARE-LIST.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index ae73ad8..716434e 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md 
@@ -2662,6 +2662,13 @@ This list was initially populated using information from the following sources: | TPLink |Omega Controller|Linux/Windows(all)|Affected|Yes|[Statement on Apache Log4j Vulnerability](https://www.tp-link.com/us/support/faq/3255)|Update is Beta. Reddit: overwritten vulnerable log4j with 2.15 files as potential workaround. Though that should now be done with 2.16|[Tp Community Link](https://community.tp-link.com/en/business/forum/topic/514452),[Reddit Link](https://www.reddit.com/r/TPLink_Omada/comments/rdzvlp/updating_the_sdn_to_protect_against_the_log4j)|12/15/2021| | TrendMicro | All | | Under Investigation | | [https://success.trendmicro.com/solution/000289940](https://success.trendmicro.com/solution/000289940) | | | | | Tricentis Tosca | | | | | [Tricentis Tosca Statement](https://support-hub.tricentis.com/open?number=NEW0001148&id=post) | | | | +| Tripp Lite |LX Platform devices (includes WEBCARDLX, WEBCARDLXMINI, SRCOOLNETLX, SRCOOLNET2LX and devices with pre-installed or embedded WEBCARDLX interfaces) | | Not affected | | [Tripp Lite Log4j2 Knowledge Base Article](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | | | 01/04/2022| +| Tripp Lite |SNMPWEBCARD, SRCOOLNET, SRCOOLNET2 and devices with pre-installed or embedded SNMPWEBCARD| | Not affected | | [Tripp Lite Log4j2 Knowledge Base Article](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | | | 01/04/2022| +| Tripp Lite |PowerAlert Local (PAL) | | Not affected | | [Tripp Lite Log4j2 Knowledge Base Article](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 vulnerability.| | | +| Tripp Lite |PowerAlert Network Shutdown Agent (PANSA)| | Not affected | | [Tripp Lite Log4j2 Knowledge Base Article](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | Some versions of PANSA use log4j v1 which is NOT AFFECTED by the 
CVE-2021-44228 vulnerability.| | 01/04/2022| +| Tripp Lite |PowerAlert Network Management System (PANMS) | | Not affected | | [Tripp Lite Log4j2 Knowledge Base Article](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) |Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 vulnerability. | | 01/04/2022| +| Tripp Lite |TLNETCARD and associated software| | Not affected | | [Tripp Lite Log4j2 Knowledge Base Article](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | | | 01/04/2022| +| Tripp Lite |PowerAlertElement Manager (PAEM)| 1.0.0| Affected | | [Tripp Lite Log4j2 Knowledge Base Article](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | Tripp Lite will soon be issuing a patch in the form of PAEM 1.0.1 which will contain a patched version of Log4j2 | |01/04/2022 | | Tripwire | | | | | [Tripwire Log4j Statement](https://www.tripwire.com/log4j) | | | | | Trimble | eCognition | 10.2.0 Build 4618 | Affected | No | Details are shared with active subscribers | Remediation steps provided by Trimble | | 12/23/2021 | | TrueNAS | | | | | [TrueNAS Statement](https://www.truenas.com/community/threads/log4j-vulnerability.97359/post-672559) | | | | From 130d1c01525ad0905558160166e37d3a29cf9439 Mon Sep 17 00:00:00 2001 From: Hallewellgov <81631220+Hallewellgov@users.noreply.github.com> Date: Wed, 5 Jan 2022 11:33:50 -0500 Subject: [PATCH 2/4] Update SOFTWARE-LIST.md Per the Zscaler website, some of their products were affected and have been patched. --- SOFTWARE-LIST.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index ae73ad8..9adc15e 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md 
@@ -2816,6 +2816,6 @@ This list was initially populated using information from the following sources: | Zix | | | | | [Zix Appriver Statement](https://status.appriver.com/) | | | 12/16/2021 | | Zoom | | | | | [Zoom Security Exposure](https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache) | | | | | ZPE systems Inc | | | | | [ZpeSystems CVE-2021-44228](https://support.zpesystems.com/portal/en/kb/articles/is-nodegrid-os-and-zpe-cloud-affected-by-cve-2021-44228-apache-log4j) | | | | -| Zscaler | See Link (Multiple Products) | | Not Affected | No | [CVE-2021-44228 log4j Vulnerability](https://trust.zscaler.com/posts/9581) | | | 12/15/2021 | +| Zscaler | See Link (Multiple Products) | | Fixed | Yes | [CVE-2021-44228 log4j Vulnerability](https://trust.zscaler.com/posts/9581) | | | 12/15/2021 | | Zyxel | | | | | [Zyxel Security Advisory for Apache Log4j](https://www.zyxel.com/support/Zyxel_security_advisory_for_Apache_Log4j_RCE_vulnerability.shtml) | | | | | Zyxel | Security Firewall/Gateways | ZLD Firmware Security Services, Nebula | Not Affected | N/A | [Zyxel Security Advisory](https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability) | | | 12/14/2021 | From 895183955a20946a390f0dbb55572404a1a1f3a0 Mon Sep 17 00:00:00 2001 From: iainDe <96153057+iainDe@users.noreply.github.com> Date: Wed, 5 Jan 2022 11:47:37 -0500 Subject: [PATCH 3/4] Update SOFTWARE-LIST.md Adjusted the White Space between pipes for formatting requirements. --- SOFTWARE-LIST.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 716434e..841159b 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md 
@@ -2662,13 +2662,13 @@ This list was initially populated using information from the following sources: | TPLink |Omega Controller|Linux/Windows(all)|Affected|Yes|[Statement on Apache Log4j Vulnerability](https://www.tp-link.com/us/support/faq/3255)|Update is Beta. Reddit: overwritten vulnerable log4j with 2.15 files as potential workaround. Though that should now be done with 2.16|[Tp Community Link](https://community.tp-link.com/en/business/forum/topic/514452),[Reddit Link](https://www.reddit.com/r/TPLink_Omada/comments/rdzvlp/updating_the_sdn_to_protect_against_the_log4j)|12/15/2021| | TrendMicro | All | | Under Investigation | | [https://success.trendmicro.com/solution/000289940](https://success.trendmicro.com/solution/000289940) | | | | | Tricentis Tosca | | | | | [Tricentis Tosca Statement](https://support-hub.tricentis.com/open?number=NEW0001148&id=post) | | | | -| Tripp Lite |LX Platform devices (includes WEBCARDLX, WEBCARDLXMINI, SRCOOLNETLX, SRCOOLNET2LX and devices with pre-installed or embedded WEBCARDLX interfaces) | | Not affected | | [Tripp Lite Log4j2 Knowledge Base Article](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | | | 01/04/2022| -| Tripp Lite |SNMPWEBCARD, SRCOOLNET, SRCOOLNET2 and devices with pre-installed or embedded SNMPWEBCARD| | Not affected | | [Tripp Lite Log4j2 Knowledge Base Article](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | | | 01/04/2022| -| Tripp Lite |PowerAlert Local (PAL) | | Not affected | | [Tripp Lite Log4j2 Knowledge Base Article](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 vulnerability.| | | -| Tripp Lite |PowerAlert Network Shutdown Agent (PANSA)| | Not affected | | [Tripp Lite Log4j2 Knowledge Base Article](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | Some versions of PANSA use log4j v1 which is NOT AFFECTED by the 
CVE-2021-44228 vulnerability.| | 01/04/2022| -| Tripp Lite |PowerAlert Network Management System (PANMS) | | Not affected | | [Tripp Lite Log4j2 Knowledge Base Article](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) |Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 vulnerability. | | 01/04/2022| -| Tripp Lite |TLNETCARD and associated software| | Not affected | | [Tripp Lite Log4j2 Knowledge Base Article](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | | | 01/04/2022| -| Tripp Lite |PowerAlertElement Manager (PAEM)| 1.0.0| Affected | | [Tripp Lite Log4j2 Knowledge Base Article](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | Tripp Lite will soon be issuing a patch in the form of PAEM 1.0.1 which will contain a patched version of Log4j2 | |01/04/2022 | +| Tripp Lite | LX Platform devices (includes WEBCARDLX, WEBCARDLXMINI, SRCOOLNETLX, SRCOOLNET2LX and devices with pre-installed or embedded WEBCARDLX interfaces) | | Not affected | | [Tripp Lite Log4j2 Knowledge Base Article](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | | | 01/04/2022 | +| Tripp Lite | SNMPWEBCARD, SRCOOLNET, SRCOOLNET2 and devices with pre-installed or embedded SNMPWEBCARD | | Not affected | | [Tripp Lite Log4j2 Knowledge Base Article](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | | | 01/04/2022 | +| Tripp Lite | PowerAlert Local (PAL) | | Not affected | | [Tripp Lite Log4j2 Knowledge Base Article](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 vulnerability. 
| | 01/04/2022 | +| Tripp Lite | PowerAlert Network Shutdown Agent (PANSA) | | Not affected | | [Tripp Lite Log4j2 Knowledge Base Article](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | Some versions of PANSA use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 vulnerability.| | 01/04/2022 | +| Tripp Lite | PowerAlert Network Management System (PANMS) | | Not affected | | [Tripp Lite Log4j2 Knowledge Base Article](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) |Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 vulnerability. | | 01/04/2022 | +| Tripp Lite | TLNETCARD and associated software| | Not affected | | [Tripp Lite Log4j2 Knowledge Base Article](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | | | 01/04/2022 | +| Tripp Lite | PowerAlertElement Manager (PAEM)| 1.0.0 | Affected | | [Tripp Lite Log4j2 Knowledge Base Article](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | Tripp Lite will soon be issuing a patch in the form of PAEM 1.0.1 which will contain a patched version of Log4j2 | |01/04/2022 | | Tripwire | | | | | [Tripwire Log4j Statement](https://www.tripwire.com/log4j) | | | | | Trimble | eCognition | 10.2.0 Build 4618 | Affected | No | Details are shared with active subscribers | Remediation steps provided by Trimble | | 12/23/2021 | | TrueNAS | | | | | [TrueNAS Statement](https://www.truenas.com/community/threads/log4j-vulnerability.97359/post-672559) | | | | From 85fab066fdded3acf08bc614e98b7cf819a6e04a Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Wed, 5 Jan 2022 10:50:34 -0700 Subject: [PATCH 4/4] Update SOFTWARE-LIST.md Added Hitachi Energy products --- SOFTWARE-LIST.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 184d79c..440c817 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md 
@@ -1326,7 +1326,24 @@ This list was initially populated using information from the following sources: | HENIX | Squash TM | 1.21.7 - 1.22.9, 2.0.3 - 2.1.5, 2.2.0 - 3.0.2 | Fixed | | [Vendor Link](https://tm-en.doc.squashtest.com/v3/downloads.html#download-previous-versions) | | | 12/23/2021 | | Hexagon | | | | | [Hexagon Statement](https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2?language=en_US) | | | | | Hikvision | | | | | [Hikvision](https://video.xortec.de/media/pdf/87/e8/03/kw50_Update-for-Apache-Log4j2-Issue-Hikvision_official.pdf) | | | | +| Hitachi Energy | 3rd party - Elastic Search, Kibana | Elasticsearch 5.0.0+ | Fixed | No | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | Set the JVM option -Dlog4j2.formatMsgNoLookups=true and restart each node of the cluster. | | 01/05/2022 | +| Hitachi Energy | Axis | 3.6 | Fixed | No | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | No action is required by customers. Axis is a fully SaaS hosted solution adn the enviroment has been patched per the recommendations | | 01/05/2022 | +| Hitachi Energy | Counterparty Settlement and Billing (CSB) | v6 | Fixed | Yes | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | | | 01/05/2022 | +| Hitachi Energy | e-Mesh Monitor | | Fixed | No | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | No end-user action needed. The affected e-Mesh Monitor part is at the cloud offering side of which the remediation is handled by Hitachi Energy team. 
Remediation is currently ongoing, and during this time period, e-Mesh Monitor edge device is not able to upload data to cloud. | | 01/05/2022 | | Hitachi Energy | eSOMS | | Not Affected | | [Hitachi Energy](https://www.hitachienergy.com/offering/solutions/cybersecurity/alerts-and-notifications) | | | | +| Hitachi Energy | FOXMAN-UN | R15A, R14B, R14A, R11B SP1 | Fixed | Yes | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | A patch is available for releases R15A, R14B, R14A and R11B SP1. . For details on how to apply such patch, please refer to the technical bulletin “FOXMAN-UN - Installation of Log4j Patch”, version A (1KHW029176) available in the Hitachi Energy Customer Connect Portal. | | 01/05/2022 | +| Hitachi Energy | FOXMAN-UN | R11A and R10 series | Fixed | Yes | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | Apply General Mitigations and upgrade to latest version. For upgrades, please get in touch with your Hitachi Energy contacts. | | 01/05/2022 | +| Hitachi Energy | Lumada APM SaaS offering | | Fixed | No | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | No action is required by customers. The SaaS offering has been patched per the recommendations. | | 01/05/2022 | +| Hitachi Energy | Lumada APM On-premises | | Fixed | Yes | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | See vendor advisory for instructions for various versions. 
| | 01/05/2022 | +| Hitachi Energy | Lumada EAM / FSM | v1.7.x, v1.8.x, v1.9.x | Fixed | Yes | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | See Section Mitigation Strategy in vendor advisory. | | 01/05/2022 | +| Hitachi Energy | MMS Internal facing subcomponent. | | Fixed | Yes | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | | | 01/05/2022 | +| Hitachi Energy | Network Manager Outage Management Interface (CMI) | 9.0 - 9.10.44, 9.1.1, 10.3.4 | Fixed | No | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | See vendor advisory for instructions on mitigation steps. | | 01/05/2022 | +| Hitachi Energy | Network Manager ADMS Network Model Server | 9.1.0.32 - 9.1.0.44 | Fixed | No | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | See vendor advisory for instructions on mitigation steps. | | 01/05/2022 | +| Hitachi Energy | 3rd party - Oracle Database Components | 12.1, 12.2, 19c | Fixed | | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | As this is a third-party component, a separate patch management report will be provided to customers with the steps to apply the Oracle provided patches for these components. 
| | 01/05/2022 | +| Hitachi Energy | nMarket Global I-SEM | 3.7.15, 3.7.16 | Fixed | Yes | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | | | 01/05/2022 | +| Hitachi Energy | RelCare | 2.0.0 | Fixed | Yes | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | No action is required by customers. The RelCare SaaS hosted solution and the on-premises have been patched per the recommendations. | | 01/05/2022 | +| Hitachi Energy | UNEM | R15A, R14B, R14A, R11B SP1 | Fixed | Yes | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | A patch is available for releases R15A, R14B, R14A and R11B SP1. For details on how to apply such patch, please refer to the technical bulletin “UNEM - Installation of Log4j Patch”, version A (1KHW029176) available in the Hitachi Energy Customer Connect Portal. | | 01/05/2022 | +| Hitachi Energy | UNEM | R11A and R10 series | Fixed | Yes | [Hitachi Energy Advisory Link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | Apply General Mitigations and upgrade to latest version. For upgrades, please get in touch with your Hitachi Energy contacts. 
| | 01/05/2022 | | Hitachi Vantara | | | | | [Hitachi Vantara](https://knowledge.hitachivantara.com/Support_Information/Hitachi_Vantara_Security_Advisories/CVE-2021-44228_-_Apache_Log4j2) | | | | | Honeywell | | | | | [Honeywell Statement](https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability) | | | | | HP | Teradici Cloud Access Controller | < v113 | Fixed | Yes | [Apache Log4j update for Teradici PCoIP Connection Manager, Teradici Cloud Access Connector, Teradici PCoIP License Server, Teradici Management Console, and Teradici EMSDK](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | 2021-12-17 |
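
Review bot: In PATCH 1/4, the added PowerAlert Network Management System (PANMS) row carries the note "Some versions of PAL use log4j v1 ...", which looks copied from the PowerAlert Local row; it should name PANMS if that is what the Tripp Lite KB article states. In the same hunk, the PowerAlert Local (PAL) row ends with an empty last-updated cell while the other six rows carry 01/04/2022, the status is written "Not affected" where other rows in the list use "Not Affected" (for example the Zyxel and Hitachi Energy eSOMS rows), and "PowerAlertElement Manager (PAEM)" appears to be missing a space given the "PowerAlert Local" and "PowerAlert Network ..." spellings in the rows above it.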
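
Review bot: In PATCH 2/4, the replaced Zscaler row changes the status to "Fixed" and the patch column to "Yes" but keeps the last-updated date 12/15/2021; that cell should reflect the date the entry was re-checked. The commit message says only some products were affected, while the row still reads "See Link (Multiple Products)" with a single status for all of them, so either split the affected products into their own rows or add a note saying which ones were patched.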
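
Review bot: In PATCH 3/4, the whitespace normalisation is incomplete: the rewritten rows still contain "vulnerability.| |" (PANSA), "|Some versions" (PANMS), "software| |" (TLNETCARD), "(PAEM)| 1.0.0" and "| |01/04/2022 |" (PAEM), so those cells do not yet meet the stated formatting requirement. The PowerAlert Local row also gains a 01/04/2022 date that the removed line did not have, which is a content change in a commit described as whitespace-only and should be mentioned in the message. The PANMS note still refers to PAL and could be corrected in the same pass.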
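
Review bot: In PATCH 4/4, the Axis row note has two typos ("adn the enviroment") and the first FOXMAN-UN row has a stray ". ." after "R11B SP1"; both should be cleaned up before merge. The bulletin "UNEM - Installation of Log4j Patch" cites the same document number (1KHW029176) as the FOXMAN-UN bulletin, so please confirm against the advisory that this is not a copy-paste. The "3rd party - Elastic Search, Kibana" row is marked "Fixed" with the patch column "No" while its note asks the customer to set a JVM option and restart each node, which reads as a mitigation rather than a fix. "3rd party - Oracle Database Components" is also placed between the Network Manager and nMarket rows instead of next to the other 3rd party row.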