|
|
|
@ -5,7 +5,7 @@ owners: |
|
|
|
|
url: https://github.com/cisagov/log4j-affected-db |
|
|
|
|
software: |
|
|
|
|
- vendor: GE Digital |
|
|
|
|
product: '' |
|
|
|
|
product: All |
|
|
|
|
cves: |
|
|
|
|
cve-2021-4104: |
|
|
|
|
investigated: false |
|
|
|
@ -35,7 +35,7 @@ software: |
|
|
|
|
- '' |
|
|
|
|
last_updated: '2021-12-22T00:00:00' |
|
|
|
|
- vendor: GE Digital Grid |
|
|
|
|
product: '' |
|
|
|
|
product: All |
|
|
|
|
cves: |
|
|
|
|
cve-2021-4104: |
|
|
|
|
investigated: false |
|
|
|
@ -73,9 +73,10 @@ software: |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-44228: |
|
|
|
|
investigated: false |
|
|
|
|
investigated: true |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: [] |
|
|
|
|
fixed_versions: |
|
|
|
|
- '' |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-45046: |
|
|
|
|
investigated: false |
|
|
|
@ -88,8 +89,9 @@ software: |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
vendor_links: |
|
|
|
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf |
|
|
|
|
notes: GE verifying workaround. |
|
|
|
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf |
|
|
|
|
notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently |
|
|
|
|
deploying the fixes in the production environment. |
|
|
|
|
references: |
|
|
|
|
- '' |
|
|
|
|
last_updated: '2021-12-22T00:00:00' |
|
|
|
@ -102,8 +104,9 @@ software: |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-44228: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
|
investigated: true |
|
|
|
|
affected_versions: |
|
|
|
|
- '' |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-45046: |
|
|
|
@ -117,9 +120,8 @@ software: |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
vendor_links: |
|
|
|
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf |
|
|
|
|
notes: Vulnerability to be fixed by vendor provided workaround. No user actions |
|
|
|
|
necessary. Contact GE for details. |
|
|
|
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf |
|
|
|
|
notes: GE Gas Power is still validating the workaround provided by FoxGuard in Technical Information Notice – M1221-S01. |
|
|
|
|
references: |
|
|
|
|
- '' |
|
|
|
|
last_updated: '2021-12-22T00:00:00' |
|
|
|
@ -132,10 +134,43 @@ software: |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-44228: |
|
|
|
|
investigated: true |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: |
|
|
|
|
- '' |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-45046: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-45105: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
vendor_links: |
|
|
|
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf |
|
|
|
|
notes: GE Gas Power has tested and validated the component of the BSC 2.0 that is impacted (McAfee SIEM 11.x). |
|
|
|
|
The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not |
|
|
|
|
been reviewed by CISA. |
|
|
|
|
references: |
|
|
|
|
- '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420)' |
|
|
|
|
last_updated: '2021-12-22T00:00:00' |
|
|
|
|
- vendor: GE Gas Power |
|
|
|
|
product: Control Server |
|
|
|
|
cves: |
|
|
|
|
cve-2021-4104: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-44228: |
|
|
|
|
investigated: true |
|
|
|
|
affected_versions: |
|
|
|
|
- '' |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-45046: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
@ -147,14 +182,13 @@ software: |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
vendor_links: |
|
|
|
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf |
|
|
|
|
notes: Vulnerability to be fixed by vendor provided workaround. No user actions |
|
|
|
|
necessary. Contact GE for details |
|
|
|
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf |
|
|
|
|
notes: Please see vCenter. Control Server is not directly impacted. It is impacted through vCenter. |
|
|
|
|
references: |
|
|
|
|
- '' |
|
|
|
|
last_updated: '2021-12-22T00:00:00' |
|
|
|
|
- vendor: GE Gas Power |
|
|
|
|
product: Control Server |
|
|
|
|
product: MyFleet |
|
|
|
|
cves: |
|
|
|
|
cve-2021-4104: |
|
|
|
|
investigated: false |
|
|
|
@ -162,10 +196,41 @@ software: |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-44228: |
|
|
|
|
investigated: true |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: |
|
|
|
|
- '' |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-45046: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-45105: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
vendor_links: |
|
|
|
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf |
|
|
|
|
notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 |
|
|
|
|
references: |
|
|
|
|
- '' |
|
|
|
|
last_updated: '2021-12-22T00:00:00' |
|
|
|
|
- vendor: GE Gas Power |
|
|
|
|
product: OPM Performance Intelligence |
|
|
|
|
cves: |
|
|
|
|
cve-2021-4104: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-44228: |
|
|
|
|
investigated: true |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: |
|
|
|
|
- '' |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-45046: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
@ -177,14 +242,13 @@ software: |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
vendor_links: |
|
|
|
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf |
|
|
|
|
notes: The Control Server is Affected via vCenter. There is a fix for vCenter. |
|
|
|
|
Please see below. GE verifying the vCenter fix as proposed by the vendor. |
|
|
|
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf |
|
|
|
|
notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 |
|
|
|
|
references: |
|
|
|
|
- '' |
|
|
|
|
last_updated: '2021-12-22T00:00:00' |
|
|
|
|
- vendor: GE Gas Power |
|
|
|
|
product: Tag Mapping Service |
|
|
|
|
product: OPM Performance Planning |
|
|
|
|
cves: |
|
|
|
|
cve-2021-4104: |
|
|
|
|
investigated: false |
|
|
|
@ -192,10 +256,41 @@ software: |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-44228: |
|
|
|
|
investigated: true |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: |
|
|
|
|
- '' |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-45046: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-45105: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
vendor_links: |
|
|
|
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf |
|
|
|
|
notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 |
|
|
|
|
references: |
|
|
|
|
- '' |
|
|
|
|
last_updated: '2021-12-22T00:00:00' |
|
|
|
|
- vendor: GE Gas Power |
|
|
|
|
product: Tag Mapping Service |
|
|
|
|
cves: |
|
|
|
|
cve-2021-4104: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-44228: |
|
|
|
|
investigated: true |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: |
|
|
|
|
- '' |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-45046: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
@ -207,11 +302,43 @@ software: |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
vendor_links: |
|
|
|
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf |
|
|
|
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf |
|
|
|
|
notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 |
|
|
|
|
references: |
|
|
|
|
- '' |
|
|
|
|
last_updated: '2021-12-22T00:00:00' |
|
|
|
|
- vendor: GE Gas Power |
|
|
|
|
product: vCenter |
|
|
|
|
cves: |
|
|
|
|
cve-2021-4104: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-44228: |
|
|
|
|
investigated: true |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: |
|
|
|
|
- '' |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-45046: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-45105: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
vendor_links: |
|
|
|
|
- https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf |
|
|
|
|
notes: GE Gas Power has tested and validated the update provided by Vmware. |
|
|
|
|
The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not |
|
|
|
|
been reviewed by CISA. |
|
|
|
|
references: |
|
|
|
|
- '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417)' |
|
|
|
|
last_updated: '2021-12-22T00:00:00' |
|
|
|
|
- vendor: GE Healthcare |
|
|
|
|
product: '' |
|
|
|
|
cves: |
|
|
|
@ -4759,7 +4886,7 @@ software: |
|
|
|
|
- '' |
|
|
|
|
last_updated: '2021-12-21T00:00:00' |
|
|
|
|
- vendor: Gradle |
|
|
|
|
product: Gradle |
|
|
|
|
product: All |
|
|
|
|
cves: |
|
|
|
|
cve-2021-4104: |
|
|
|
|
investigated: false |
|
|
|
@ -4767,10 +4894,11 @@ software: |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-44228: |
|
|
|
|
investigated: false |
|
|
|
|
investigated: true |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
unaffected_versions: |
|
|
|
|
- '' |
|
|
|
|
cve-2021-45046: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
@ -4797,9 +4925,9 @@ software: |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-44228: |
|
|
|
|
investigated: true |
|
|
|
|
affected_versions: |
|
|
|
|
- < 2021.3.6 |
|
|
|
|
fixed_versions: [] |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: |
|
|
|
|
- '< 2021.3.6' |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-45046: |
|
|
|
|
investigated: false |
|
|
|
@ -4827,9 +4955,9 @@ software: |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-44228: |
|
|
|
|
investigated: true |
|
|
|
|
affected_versions: |
|
|
|
|
- < 10.1 |
|
|
|
|
fixed_versions: [] |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: |
|
|
|
|
- '< 10.1' |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-45046: |
|
|
|
|
investigated: false |
|
|
|
@ -4857,9 +4985,9 @@ software: |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-44228: |
|
|
|
|
investigated: true |
|
|
|
|
affected_versions: |
|
|
|
|
- < 1.6.2 |
|
|
|
|
fixed_versions: [] |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: |
|
|
|
|
- '< 1.6.2' |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-45046: |
|
|
|
|
investigated: false |
|
|
|
@ -4878,7 +5006,7 @@ software: |
|
|
|
|
- '' |
|
|
|
|
last_updated: '2022-01-12T07:18:50+00:00' |
|
|
|
|
- vendor: Grafana |
|
|
|
|
product: '' |
|
|
|
|
product: All |
|
|
|
|
cves: |
|
|
|
|
cve-2021-4104: |
|
|
|
|
investigated: false |
|
|
|
@ -4886,10 +5014,11 @@ software: |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
cve-2021-44228: |
|
|
|
|
investigated: false |
|
|
|
|
investigated: true |
|
|
|
|
affected_versions: [] |
|
|
|
|
fixed_versions: [] |
|
|
|
|
unaffected_versions: [] |
|
|
|
|
unaffected_versions: |
|
|
|
|
- '' |
|
|
|
|
cve-2021-45046: |
|
|
|
|
investigated: false |
|
|
|
|
affected_versions: [] |
|
|
|
|