Wednesday, December 15, 2021

Siemens Updates Log4Shell Advisory Again – 4-15-21

Today, Siemens published an update for their Log4Shell advisory that was originally published on December 12th, 2021 and most recently updated on December 14th, 2021. The new information includes:

• Adding additional affected products, remediation or mitigation measures, and products under investigation, and

• Removing SIMATIC WinCC V7.4 because it is not affected.

The new affected products include:

• Advantage Navigator Energy & Sustainability,

• Advantage Navigator Software Proxy,

• Energy Engage,

• EnergyIP,

• SENTRON powermanager V4,

• Siveillance Viewpoint,

• Solid Edge CAM Pro,

• Solid Edge Harness Design,

• Xpedition Enterprise,

Commentary

I would not be surprised to hear that other vendors have updated their advisories, but it is time consuming to go back and look at all of those web sites to see which changes have been made. I will be doing that in the not-distant future. I am keeping up with the Siemens updates more closely for two reasons. First, Siemens in the 800 lb gorilla in the ICS vendor arena; watching how they respond provides some insights into how the situation is changing (that’s how I learned about the second Log4Shell vulnerability, see this morning’s post).

The second reason may be more important to me. Siemens is easy to track; they post a Tweet® (today for example) when they update their advisories. I wish more vendors were that proactive with their communications.

No comments:

 
/* Use this with templates/template-twocol.html */