Update the software list

2 years ago · e3e8cef63f
parent 86ca7cdb73
commit e3e8cef63f
2 changed files with 103 additions and 6 deletions
--- a/SOFTWARE-LIST.md
+++ b/SOFTWARE-LIST.md
@ -1746,7 +1746,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to
 | Illumio | VEN |  |  | Unknown | [link](https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
 | IManage |  |  |  | Unknown | [link](https://help.imanage.com/hc/en-us/articles/4412696236699-ADVISORY-Security-vulnerability-CVE-2021-44228-in-third-party-component-Apache-Log4j2#h_3164fa6c-4717-4aa1-b2dc-d14d4112595e) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | Imperva |  |  |  | Unknown | [link](https://www.imperva.com/blog/how-were-protecting-customers-staying-ahead-of-cve-2021-44228/) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
-| Inductive Automation |  |  |  | Unknown | [link](https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
+| Inductive Automation | Ignition |  |  | Not Affected | [link](https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day) | Older versions of Ignition (7.8 and older) did use the Log4j library, but they used an older version (1.2) that was not affected by this vulnerability. |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-19 |
 | IndustrialDefender |  |  |  | Unknown | [link](https://www.industrialdefender.com/cve-2021-44228-log4j/) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | infinidat |  |  |  | Unknown | [link](https://support.infinidat.com/hc/en-us/articles/4413483145489-INFINIDAT-Support-Announcement-2021-010-Log4Shell-CVE-2021-44228) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | InfluxData |  |  |  | Unknown | [link](https://www.influxdata.com/blog/apache-log4j-vulnerability-cve-2021-44228/) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
@ -2103,6 +2103,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to
 | Moodle |  |  |  | Unknown | [link](https://moodle.org/mod/forum/discuss.php?d=429966) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | MoogSoft |  |  |  | Unknown | [link](https://servicedesk.moogsoft.com/hc/en-us/articles/4412463233811?input_string=log4j+vulnerability+%7C%7C+cve-2021-44228) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | Motorola Avigilon |  |  |  | Unknown | [link](https://support.avigilon.com/s/article/Technical-Notification-Apache-Log4j2-vulnerability-impact-on-Avigilon-products-CVE-2021-44228?language=en_US) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
+| Moxa |  |  |  | Not Affected | [link](https://www.moxa.com/en/support/product-support/security-advisory/moxa-s-response-regarding-the-apache-log4j-vulnerability) | Moxa is investigating to determine if any of our products are affected by this vulnerability. At the time of publication, none of Moxa's products are affected. |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-19 |
 | Mulesoft |  |  |  | Unknown | [link](https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) | This advisory is available to customers only and has not been reviewed by CISA |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | Mulesoft | Anypoint Studio | 7.x |  | Affected | [link](https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) | This advisory is available to account holders only and has not been reviewed by CISA. |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
 | Mulesoft | Cloudhub |  |  | Unknown | [link](https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) | This advisory is available to account holders only and has not been reviewed by CISA. |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
@ -2631,6 +2632,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to
 | TPLink | Omega Controller | Linux/Windows(all) |  | Affected | [link](https://www.tp-link.com/us/support/faq/3255) | Update is Beta. Reddit: overwritten vulnerable log4j with 2.15 files as potential workaround. Though that should now be done with 2.16 | [Tp Community Link](https://community.tp-link.com/en/business/forum/topic/514452),[Reddit Link](https://www.reddit.com/r/TPLink_Omada/comments/rdzvlp/updating_the_sdn_to_protect_against_the_log4j) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 |
 | TrendMicro | All |  |  | Unknown | [link](https://success.trendmicro.com/solution/000289940) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | Tricentis Tosca |  |  |  | Unknown | [link](https://support-hub.tricentis.com/open?number=NEW0001148&amp;id=post) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
+| Tridium |  |  |  | Unknown | [link](https://docs.niagara-community.com/bundle/TechBulletin2021/resource/Dec_13_2021_NiagaraNotExposed_Apache_log4j.pdf) | Document access requires authentication. CISA is not able to validate vulnerability status. |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-19 |
 | Trimble | eCognition | 10.2.0 Build 4618 |  | Affected |  | Remediation steps provided by Trimble |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 |
 | Tripp Lite | LX Platform devices (includes WEBCARDLX, WEBCARDLXMINI, SRCOOLNETLX, SRCOOLNET2LX and devices with pre-installed or embedded WEBCARDLX interfaces) |  |  | Unknown | [link](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-04 |
 | Tripp Lite | PowerAlert Local (PAL) |  |  | Unknown | [link](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 vulnerability. |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-04 |
@ -2699,6 +2701,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to
 | Venafi |  |  |  | Unknown | [link](https://support.venafi.com/hc/en-us/articles/4416213022733-Log4j-Zero-Day-Vulnerability-notice) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | Veritas NetBackup |  |  |  | Unknown | [link](https://www.veritas.com/content/support/en_US/article.100052070) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | Vertica |  |  |  | Unknown | [link](https://forum.vertica.com/discussion/242512/vertica-security-bulletin-a-potential-vulnerability-has-been-identified-apache-log4j-library-used) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
+| Video Insight Inc. | Video Insight |  |  | Not Affected | [link](https://i-pro.com/eu/en/surveillance/news/i-pro-products-and-log4j-2x-vulnerability) | Video Insight is a part of Panasonic I-Pro. |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-19 |
 | Viso Trust |  |  |  | Unknown | [link](https://blog.visotrust.com/viso-trust-statement-re-cve-2021-44228-log4j-a4b9b5767492) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | VMware | API Portal for VMware Tanzu | 1.x |  | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 |
 | VMware | App Metrics | 2.x |  | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 |
--- a/data/cisagov.yml
+++ b/data/cisagov.yml
@ -50987,7 +50987,7 @@ software:
      - ''
    last_updated: '2022-01-12T07:18:53+00:00'
  - vendor: Inductive Automation
-    product: ''
+    product: Ignition
    cves:
      cve-2021-4104:
        investigated: false
@ -50995,10 +50995,11 @@ software:
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
+          - All
      cve-2021-45046:
        investigated: false
        affected_versions: []
@ -51011,10 +51012,11 @@ software:
        unaffected_versions: []
    vendor_links:
      - https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day
-    notes: ''
+    notes: Older versions of Ignition (7.8 and older) did use the Log4j library, but
+      they used an older version (1.2) that was not affected by this vulnerability.
    references:
      - ''
-    last_updated: '2022-01-12T07:18:53+00:00'
+    last_updated: '2022-01-19T00:00:00'
  - vendor: IndustrialDefender
    product: ''
    cves:
@ -61496,6 +61498,38 @@ software:
    references:
      - ''
    last_updated: '2022-01-12T07:18:54+00:00'
+  - vendor: Moxa
+    product: ''
+    cves:
+      cve-2021-4104:
+        investigated: ''
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions:
+          - All
+      cve-2021-45046:
+        investigated: ''
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: ''
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://www.moxa.com/en/support/product-support/security-advisory/moxa-s-response-regarding-the-apache-log4j-vulnerability
+    notes: Moxa is investigating to determine if any of our products are affected
+      by this vulnerability. At the time of publication, none of Moxa's products are
+      affected.
+    references:
+      - ''
+    last_updated: '2022-01-19T00:00:00'
  - vendor: Mulesoft
    product: ''
    cves:
@ -77172,6 +77206,36 @@ software:
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
+  - vendor: Tridium
+    product: ''
+    cves:
+      cve-2021-4104:
+        investigated: ''
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: ''
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45046:
+        investigated: ''
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: ''
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://docs.niagara-community.com/bundle/TechBulletin2021/resource/Dec_13_2021_NiagaraNotExposed_Apache_log4j.pdf
+    notes: Document access requires authentication. CISA is not able to validate vulnerability
+      status.
+    references:
+      - ''
+    last_updated: '2022-01-19T00:00:00'
  - vendor: Trimble
    product: eCognition
    cves:
@ -79196,6 +79260,36 @@ software:
    references:
      - ''
    last_updated: '2022-01-12T07:18:56+00:00'
+  - vendor: Video Insight Inc.
+    product: Video Insight
+    cves:
+      cve-2021-4104:
+        investigated: ''
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions:
+          - All
+      cve-2021-45046:
+        investigated: ''
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: ''
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://i-pro.com/eu/en/surveillance/news/i-pro-products-and-log4j-2x-vulnerability
+    notes: Video Insight is a part of Panasonic I-Pro.
+    references:
+      - ''
+    last_updated: '2022-01-19T00:00:00'
  - vendor: Viso Trust
    product: ''
    cves: