Tuesday, December 28, 2021

Review - 12-28-31 Siemens Log4Shell Advisories

Today Siemens published a new Log4j advisory and updated their original advisory.

New Advisory - Siemens published an advisory discussing a new Log4j vulnerability that affects Log4j versions through 17.0.

Update - Siemens published an update for their original Log4Shell advisory that was originally published on December 12th, 2021 and most recently updated on December 27th, 2021.

The new Log4j vulnerability almost certainly reflects the additional attention that is being focused on this no-longer-obscure but much-used tool. Very few pieces of ‘modern’ software are apparently able to stand up to that sort of attention without yielding vulnerabilities. With no currently available exploits, nor a current Base Score, for the new vulnerability, owners will be forgiven for not paying as much attention to this new vulnerability. Unfortunately, I expect that exploits will be forthcoming more quickly than normal; the Log4j attention also attracts the ‘bad guys’.

For more details on the new advisory and update, see my article on CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/12-28-31-siemens-log4shell-advisories - subscription required.
