Number: AV21-656
Date: 22 December 2021

On 20 December 2021 Siemens published a Security Advisory to address critical vulnerabilities which may affect multiple products using the Apache Log4j logging utility.

  • TraceAlertServerPLUS – all versions

Exploitation of these vulnerabilities could lead to remote code execution.

The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations.

Siemens Security Advisory (SSA-397453)
https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf

Siemens Apache Log4j Advisory (SSA-661247)
https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf

Active Exploitation of Apache Log4j Vulnerability (AL21-019)
https://cyber.gc.ca/en/alerts/active-exploitation-apache-log4j-vulnerability



Source link