SAP XS Advanced Runtime


Vendor Data Vendor Patch Exists
Community Data

Community Resources

Resource Link
source https://launchpad.support.sap.com/#/notes/3130698

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix ; CVE-2021-45046: Fix ; CVE-2021-45105: Fix
NCSC-NL SAP note 3130698

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source. Updated community note.
Expand Details

SAS (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
SAS Support Link https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html

Community Resources

Resource Link
SAS Support Link https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community link SAS Support Link.
2021-12-30 21:31:50 CISAGov Updated vendor link SAS Support Link.
Expand Details

SAS Institute JMP


Vendor Data
Community Data Not Vulnerable

Community Resources

Resource Link
source https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
Expand Details

Savignano software solutions (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
Savignano Link https://savignano.atlassian.net/wiki/spaces/SNOTIFY/blog/2021/12/13/2839740417/No+Log4j+Vulnerability+in+S+Notify

Community Resources

Resource Link
Savignano Link https://savignano.atlassian.net/wiki/spaces/SNOTIFY/blog/2021/12/13/2839740417/No+Log4j+Vulnerability+in+S+Notify

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community link Savignano Link.
2021-12-30 21:31:50 CISAGov Updated vendor link Savignano Link.
Expand Details

SBT (Multiple Products)


Vendor Data Vendor Patch Exists
Community Data

Community Resources

Resource Link
Release 1.5.7 · sbt/sbt(github.com) https://github.com/sbt/sbt/releases/tag/v1.5.7

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link Release 1.5.7 · sbt/sbt(github.com).
Expand Details

SBT SBT


Vendor Data Vendor Patch Exists
Community Data Vulnerable

Vendor Resources

Resource Link
Release 1.5.7 · sbt/sbt(github.com) https://github.com/sbt/sbt/releases/tag/v1.5.7

Community Notes

Source Note
CISAGov Last Update: 12/15/2021

Sources

Date Attribution Description
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendorPatchExists. Updated vendor link Release 1.5.7 · sbt/sbt(github.com). Updated community note.
Expand Details

ScaleComputing (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
ScaleComputing Community Link https://community.scalecomputing.com/s/article/Apache-Log4j-Vulnerability

Community Resources

Resource Link
ScaleComputing Community Link https://community.scalecomputing.com/s/article/Apache-Log4j-Vulnerability

Community Notes

Source Note
NCSC-NL This advisory is available to customers only and has not been reviewed by CISA
CISAGov This advisory is available to customers only and has not been reviewed by CISA

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community link ScaleComputing Community Link. Updated community note.
2021-12-30 21:31:50 CISAGov Updated vendor link ScaleComputing Community Link. Updated community note.
Expand Details

ScaleFusion MobileLock Pro (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
ScaleFusion MobileLock Pro Help https://help.mobilock.in/article/t9sx43yg44-scalefusion-security-advisory-for-apache-log-4-j-vulnerability-cve-2021-44228

Community Resources

Resource Link
ScaleFusion MobileLock Pro Help https://help.mobilock.in/article/t9sx43yg44-scalefusion-security-advisory-for-apache-log-4-j-vulnerability-cve-2021-44228

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community link ScaleFusion MobileLock Pro Help.
2021-12-30 21:31:50 CISAGov Updated vendor link ScaleFusion MobileLock Pro Help.
Expand Details

Schneider Electric EASYFIT


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
SE Cybersecurity Best Practices https://www.se.com/us/en/download/document/7EN52-0390/

Community Resources

Resource Link
source https://www.se.com/ww/en/download/document/SESB-2021-347-01/

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable ; CVE-2021-45046: Vulnerable
NCSC-NL no customer action required
CISAGov Last Update: 12/20/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link SE Cybersecurity Best Practices. Updated community note.
Expand Details

Schneider Electric Ecoreal XL


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
SE Cybersecurity Best Practices https://www.se.com/us/en/download/document/7EN52-0390/

Community Resources

Resource Link
source https://www.se.com/ww/en/download/document/SESB-2021-347-01/

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable ; CVE-2021-45046: Vulnerable
NCSC-NL no customer action required
CISAGov Last Update: 12/20/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link SE Cybersecurity Best Practices. Updated community note.
Expand Details

Schneider Electric EcoStruxure IT Expert


Vendor Data Vendor Patch Exists
Community Data

Community Resources

Resource Link
source https://www.se.com/ww/en/download/document/SESB-2021-347-01/

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix ; CVE-2021-45046: Fix
NCSC-NL “cloud-based offer; no customer action required”
CISAGov Last Update: 12/20/2021

Sources

Date Attribution Description
2022-01-03 13:16:44 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated vendorPatchExists. Updated community note.
Expand Details

Schneider Electric EcoStruxure IT Gateway


Vendor Data Vendor Patch Exists
Community Data

Vendor Resources

Resource Link
EcoStruxure Link https://ecostruxureit.com/download-and-set-upecostruxureit-gateway/

Community Resources

Resource Link
source https://www.se.com/ww/en/download/document/SESB-2021-347-01/

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix ; CVE-2021-45046: Fix
CISAGov Last Update: 12/20/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated vendorPatchExists. Updated vendor link EcoStruxure Link. Updated community note.
Expand Details

Schneider Electric Eurotherm Data Reviewer


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
SE Cybersecurity Best Practices https://www.se.com/us/en/download/document/7EN52-0390/

Community Resources

Resource Link
source https://www.se.com/ww/en/download/document/SESB-2021-347-01/

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Workaround
CISAGov Last Update: 12/20/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link SE Cybersecurity Best Practices. Updated community note.
Expand Details

Schneider Electric Facility Expert Small Business


Vendor Data Vendor Patch Exists
Community Data Vulnerable

Vendor Resources

Resource Link
SE Cybersecurity Best Practices https://www.se.com/us/en/download/document/7EN52-0390/

Community Resources

Resource Link
source https://www.se.com/ww/en/download/document/SESB-2021-347-01/

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix ; CVE-2021-45046: Vulnerable
NCSC-NL “cloud-based offer; no customer action required”
CISAGov Last Update: 12/20/2021

Sources

Date Attribution Description
2022-01-03 13:16:44 NCSC-NL Updated communityVulnerable. Updated vendorPatchExists. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated vendorPatchExists. Updated vendor link SE Cybersecurity Best Practices. Updated community note.
Expand Details

Schneider Electric MSE


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
SE Cybersecurity Best Practices https://www.se.com/us/en/download/document/7EN52-0390/

Community Resources

Resource Link
source https://www.se.com/ww/en/download/document/SESB-2021-347-01/

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable ; CVE-2021-45046: Vulnerable
NCSC-NL no customer action required
CISAGov Last Update: 12/20/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link SE Cybersecurity Best Practices. Updated community note.
Expand Details

Schneider Electric NetBotz750/755


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
SE Cybersecurity Best Practices https://www.se.com/us/en/download/document/7EN52-0390/

Community Resources

Resource Link
source https://www.se.com/ww/en/download/document/SESB-2021-347-01/

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable ; CVE-2021-45046: Vulnerable
CISAGov Last Update: 12/20/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link SE Cybersecurity Best Practices. Updated community note.
Expand Details

Schneider Electric NEW630


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
SE Cybersecurity Best Practices https://www.se.com/us/en/download/document/7EN52-0390/

Community Resources

Resource Link
source https://www.se.com/ww/en/download/document/SESB-2021-347-01/

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable ; CVE-2021-45046: Vulnerable
NCSC-NL no customer action required
CISAGov Last Update: 12/20/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link SE Cybersecurity Best Practices. Updated community note.
Expand Details

Schneider Electric SDK BOM


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
SE Cybersecurity Best Practices https://www.se.com/us/en/download/document/7EN52-0390/

Community Resources

Resource Link
source https://www.se.com/ww/en/download/document/SESB-2021-347-01/

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable ; CVE-2021-45046: Vulnerable
NCSC-NL no customer action required
CISAGov Last Update: 12/20/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link SE Cybersecurity Best Practices. Updated community note.
Expand Details

Schneider Electric SDK-Docgen


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
SE Cybersecurity Best Practices https://www.se.com/us/en/download/document/7EN52-0390/

Community Resources

Resource Link
source https://www.se.com/ww/en/download/document/SESB-2021-347-01/

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable ; CVE-2021-45046: Vulnerable
NCSC-NL no customer action required
CISAGov Last Update: 12/20/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link SE Cybersecurity Best Practices. Updated community note.
Expand Details

Schneider Electric SDK-TNC


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
SE Cybersecurity Best Practices https://www.se.com/us/en/download/document/7EN52-0390/

Community Resources

Resource Link
source https://www.se.com/ww/en/download/document/SESB-2021-347-01/

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable ; CVE-2021-45046: Vulnerable
NCSC-NL no customer action required
CISAGov Last Update: 12/20/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link SE Cybersecurity Best Practices. Updated community note.
Expand Details

Schneider Electric SDK-UMS


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
SE Cybersecurity Best Practices https://www.se.com/us/en/download/document/7EN52-0390/

Community Resources

Resource Link
source https://www.se.com/ww/en/download/document/SESB-2021-347-01/

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable ; CVE-2021-45046: Vulnerable
NCSC-NL no customer action required
CISAGov Last Update: 12/20/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link SE Cybersecurity Best Practices. Updated community note.
Expand Details

Schneider Electric SDK3D2DRenderer


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
SE Cybersecurity Best Practices https://www.se.com/us/en/download/document/7EN52-0390/

Community Resources

Resource Link
SE Cybersecurity Best Practices https://www.se.com/us/en/download/document/7EN52-0390/

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
CISAGov Last Update: 12/20/2021

Sources

Date Attribution Description
2022-01-03 13:16:44 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link SE Cybersecurity Best Practices.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link SE Cybersecurity Best Practices. Updated community note.
Expand Details

Schneider Electric SDK3D360Widget


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
SE Cybersecurity Best Practices https://www.se.com/us/en/download/document/7EN52-0390/

Community Resources

Resource Link
SE Cybersecurity Best Practices https://www.se.com/us/en/download/document/7EN52-0390/

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
CISAGov Last Update: 12/20/2021

Sources

Date Attribution Description
2022-01-03 13:16:44 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link SE Cybersecurity Best Practices.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link SE Cybersecurity Best Practices. Updated community note.
Expand Details

Schneider Electric Select and Config DATA


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
SE Cybersecurity Best Practices https://www.se.com/us/en/download/document/7EN52-0390/

Community Resources

Resource Link
source https://www.se.com/ww/en/download/document/SESB-2021-347-01/

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable ; CVE-2021-45046: Vulnerable
NCSC-NL no customer action required
CISAGov Last Update: 12/20/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link SE Cybersecurity Best Practices. Updated community note.
Expand Details

Schneider Electric SNC-API


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
SE Cybersecurity Best Practices https://www.se.com/us/en/download/document/7EN52-0390/

Community Resources

Resource Link
source https://www.se.com/ww/en/download/document/SESB-2021-347-01/

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable ; CVE-2021-45046: Vulnerable
NCSC-NL no customer action required
CISAGov Last Update: 12/20/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link SE Cybersecurity Best Practices. Updated community note.
Expand Details

Schneider Electric SNC-CMM


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
SE Cybersecurity Best Practices https://www.se.com/us/en/download/document/7EN52-0390/

Community Resources

Resource Link
source https://www.se.com/ww/en/download/document/SESB-2021-347-01/

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable ; CVE-2021-45046: Vulnerable
NCSC-NL no customer action required
CISAGov Last Update: 12/20/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link SE Cybersecurity Best Practices. Updated community note.
Expand Details

Schneider Electric SNCSEMTECH


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
SE Cybersecurity Best Practices https://www.se.com/us/en/download/document/7EN52-0390/

Community Resources

Resource Link
SE Cybersecurity Best Practices https://www.se.com/us/en/download/document/7EN52-0390/

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
CISAGov Last Update: 12/20/2021

Sources

Date Attribution Description
2022-01-03 13:16:44 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link SE Cybersecurity Best Practices.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link SE Cybersecurity Best Practices. Updated community note.
Expand Details

Schneider Electric SPIMV3


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
SE Cybersecurity Best Practices https://www.se.com/us/en/download/document/7EN52-0390/

Community Resources

Resource Link
source https://www.se.com/ww/en/download/document/SESB-2021-347-01/

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable ; CVE-2021-45046: Vulnerable
NCSC-NL no customer action required
CISAGov Last Update: 12/20/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link SE Cybersecurity Best Practices. Updated community note.
Expand Details

Schneider Electric SWBEditor


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
SE Cybersecurity Best Practices https://www.se.com/us/en/download/document/7EN52-0390/

Community Resources

Resource Link
source https://www.se.com/ww/en/download/document/SESB-2021-347-01/

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable ; CVE-2021-45046: Vulnerable
NCSC-NL no customer action required
CISAGov Last Update: 12/20/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link SE Cybersecurity Best Practices. Updated community note.
Expand Details

Schneider Electric SWBEngine


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
SE Cybersecurity Best Practices https://www.se.com/us/en/download/document/7EN52-0390/

Community Resources

Resource Link
source https://www.se.com/ww/en/download/document/SESB-2021-347-01/

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable ; CVE-2021-45046: Vulnerable
NCSC-NL no customer action required
CISAGov Last Update: 12/20/2021

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link SE Cybersecurity Best Practices. Updated community note.
Expand Details

Schneider Electric Wiser by SE platform


Vendor Data Vendor Patch Exists
Community Data

Community Resources

Resource Link
source https://www.se.com/ww/en/download/document/SESB-2021-347-01/

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix ; CVE-2021-45046: Fix
NCSC-NL “cloud-based offer; no customer action required”
CISAGov Last Update: 12/20/2021

Sources

Date Attribution Description
2022-01-03 13:16:44 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated vendorPatchExists. Updated community note.
Expand Details

Schweitzer Engineering Laboratories (Multiple Products)


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
SEL Advisory Link https://selinc.com/support/security-notifications/

Community Resources

Resource Link
SEL Advisory Link https://selinc.com/support/security-notifications/

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Last Update: 12/21/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link SEL Advisory Link.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link SEL Advisory Link. Updated community note.
Expand Details

ScreenBeam (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
ScreenBeam Article https://customersupport.screenbeam.com/hc/en-us/articles/4416468085389-December-2021-Security-Alert-Log4j-CVE-2021-44228

Community Resources

Resource Link
ScreenBeam Article https://customersupport.screenbeam.com/hc/en-us/articles/4416468085389-December-2021-Security-Alert-Log4j-CVE-2021-44228

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community link ScreenBeam Article.
2021-12-30 21:31:50 CISAGov Updated vendor link ScreenBeam Article.
Expand Details

SDL worldServer (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
SDL worldServer Link https://gateway.sdl.com/apex/communityknowledge?articleName=000017707

Community Resources

Resource Link
SDL worldServer Link https://gateway.sdl.com/apex/communityknowledge?articleName=000017707

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community link SDL worldServer Link.
2021-12-30 21:31:50 CISAGov Updated vendor link SDL worldServer Link.
Expand Details

Seagull Scientific BarTender


Vendor Data
Community Data Not Vulnerable

Community Resources

Resource Link
source https://support.seagullscientific.com/hc/en-us/articles/4415794235543-Apache-Log4Shell-Vulnerability

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
Expand Details

SecurePoint (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
SecurePoint News Link https://www.securepoint.de/news/details/sicherheitsluecke-log4j-securepoint-loesungen-nicht-betroffen.html

Community Resources

Resource Link
SecurePoint News Link https://www.securepoint.de/news/details/sicherheitsluecke-log4j-securepoint-loesungen-nicht-betroffen.html

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community link SecurePoint News Link.
2021-12-30 21:31:50 CISAGov Updated vendor link SecurePoint News Link.
Expand Details

Security Onion (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
Security Onion Blog Post https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html

Community Resources

Resource Link
Security Onion Blog Post https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community link Security Onion Blog Post.
2021-12-30 21:31:50 CISAGov Updated vendor link Security Onion Blog Post.
Expand Details

SecurityHive (Multiple Products)


Vendor Data
Community Data Not Vulnerable

Community Resources

Resource Link
source https://blog.securityhive.nl/security-info/securityhive-informs-log4j-vulnerable-customers-using-threat-intelligence/

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln

Sources

Date Attribution Description
2022-01-03 13:16:44 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link source.
Expand Details

Seeburger (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
Seeburger Service Desk Link https://servicedesk.seeburger.de/portal/en-US/Knowledge/Article/?defId=101040&id=25486312&COMMAND=Open

Community Resources

Resource Link
Seeburger Service Desk Link https://servicedesk.seeburger.de/portal/en-US/Knowledge/Article/?defId=101040&id=25486312&COMMAND=Open

Community Notes

Source Note
NCSC-NL This advisory is avaiable to customers only and has not been reviewed by CISA
CISAGov This advisory is avaiable to customers only and has not been reviewed by CISA.

Sources

Date Attribution Description
2022-01-03 13:16:44 NCSC-NL Updated community link Seeburger Service Desk Link. Updated community note.
2021-12-30 21:31:50 CISAGov Updated vendor link Seeburger Service Desk Link. Updated community note.
Expand Details

SentinelOne (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
SentinelOne Blog Post https://www.sentinelone.com/blog/cve-2021-44228-staying-secure-apache-log4j-vulnerability/

Community Resources

Resource Link
SentinelOne Blog Post https://www.sentinelone.com/blog/cve-2021-44228-staying-secure-apache-log4j-vulnerability/

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community link SentinelOne Blog Post.
2021-12-30 21:31:50 CISAGov Updated vendor link SentinelOne Blog Post.
Expand Details

Sentry (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
Sentry Blog Post https://blog.sentry.io/2021/12/15/sentrys-response-to-log4j-vulnerability-cve-2021-44228

Community Resources

Resource Link
Sentry Blog Post https://blog.sentry.io/2021/12/15/sentrys-response-to-log4j-vulnerability-cve-2021-44228

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community link Sentry Blog Post.
2021-12-30 21:31:50 CISAGov Updated vendor link Sentry Blog Post.
Expand Details

Sentry.io Self Hosted and SaaS


Vendor Data
Community Data

Community Resources

Resource Link
source https://blog.sentry.io/2021/12/15/sentrys-response-to-log4j-vulnerability-cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Not vuln
NCSC-NL Not affected as it is written in Python and Rust. Makes use of unaffected versions of log4j 1.x in Kafka and Zookeeper subsystems

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated community note. Updated community link source. Updated community note.
Expand Details

Server Eye (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
Server Eye Blog Post https://www.server-eye.de/blog/sicherheitsluecke-log4j-server-eye-systeme-sind-nicht-betroffen/

Community Resources

Resource Link
Server Eye Blog Post https://www.server-eye.de/blog/sicherheitsluecke-log4j-server-eye-systeme-sind-nicht-betroffen/

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community link Server Eye Blog Post.
2021-12-30 21:31:50 CISAGov Updated vendor link Server Eye Blog Post.
Expand Details

ServiceNow (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
ServiceNow Support Link https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959

Community Resources

Resource Link
ServiceNow Support Link https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959

Sources

Date Attribution Description
2022-01-03 13:16:44 NCSC-NL Updated community link ServiceNow Support Link.
2021-12-30 21:31:50 CISAGov Updated vendor link ServiceNow Support Link.
Expand Details

Shibboleth (Multiple Products)


Vendor Data
Community Data Not Vulnerable

Vendor Resources

Resource Link
Log4j CVE (non)-impact https://shibboleth.net/pipermail/announce/2021-December/000253.html

Community Resources

Resource Link
Log4j CVE (non)-impact https://shibboleth.net/pipermail/announce/2021-December/000253.html

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
CISAGov Last Update: 12/10/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityNotVulnerable. Updated community note. Updated community link Log4j CVE (non)-impact.
2021-12-30 21:31:50 CISAGov Updated communityNotVulnerable. Updated vendor link Log4j CVE (non)-impact. Updated community note.
Expand Details

Shopify (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
Shopify Community Link https://community.shopify.com/c/technical-q-a/is-shopify-affected-by-the-log4j-vulnerability/td-p/1417625

Community Resources

Resource Link
Shopify Community Link https://community.shopify.com/c/technical-q-a/is-shopify-affected-by-the-log4j-vulnerability/td-p/1417625

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community link Shopify Community Link.
2021-12-30 21:31:50 CISAGov Updated vendor link Shopify Community Link.
Expand Details

Siebel (Multiple Products)


Vendor Data
Community Data

Vendor Resources

Resource Link
Siebel Link https://www.siebelhub.com/main/2021/12/log4j-vulnerability-cve-2021-44228-and-siebel-crm.html

Community Resources

Resource Link
Siebel Link https://www.siebelhub.com/main/2021/12/log4j-vulnerability-cve-2021-44228-and-siebel-crm.html

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community link Siebel Link.
2021-12-30 21:31:50 CISAGov Updated vendor link Siebel Link.
Expand Details

Siemens Affected Products


Vendor Data
Community Data

Vendor Resources

Resource Link
pdf https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf
CSAF https://cert-portal.siemens.com/productcert/csaf/ssa-501673.json

Community Resources

Resource Link
pdf https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
CSAF https://cert-portal.siemens.com/productcert/csaf/ssa-661247.json

Community Notes

Source Note
NCSC-NL
NCSC-NL Siemens requested to directly refer to their website: See pdf for the complete list of affected products, CSAF for automated parsing of data
CISAGov Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data
CISAGov Last Update: 12/19/21

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated community note. Updated community link pdf. Updated community link CSAF. Updated community note.
2021-12-30 21:31:50 CISAGov Updated vendor link pdf. Updated vendor link CSAF. Updated community note. Updated community note.
Expand Details

Siemens Energy Affected Products


Vendor Data
Community Data

Vendor Resources

Resource Link
pdf https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf
CSAF https://cert-portal.siemens.com/productcert/csaf/ssa-714170.json

Community Resources

Resource Link
pdf https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf
CSAF https://cert-portal.siemens.com/productcert/csaf/ssa-714170.json

Community Notes

Source Note
NCSC-NL
NCSC-NL Siemens requested to directly refer to their website: See pdf for the complete list of affected products, CSAF for automated parsing of data
CISAGov Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data
CISAGov Last Update: 12/16/21

Sources

Date Attribution Description
2021-12-27 15:29:04 NCSC-NL Updated community note. Updated community link pdf. Updated community link CSAF. Updated community note.
2021-12-30 21:31:50 CISAGov Updated vendor link pdf. Updated vendor link CSAF. Updated community note. Updated community note.
Expand Details

Siemens Healthineers ATELLICA DATA MANAGER v1.1.1 / v1.2.1 / v1.3.1


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL If you have determined that your Atellica Data Manager has a “Java communication engine” service, and you require an immediate mitigation, then please contact your Siemens Customer Care Center or your local Siemens technical support representative.
CISAGov If you have determined that your Atellica Data Manager has a “Java communication engine” service, and you require an immediate mitigation, then please contact your Siemens Customer Care Center or your local Siemens technical support representative.
CISAGov Last Update: 12/22/21

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers CENTRALINK v16.0.2 / v16.0.3


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL If you have determined that your CentraLink has a “Java communication engine” service, and you require a mitigation, then please contact your Siemens Customer Care Center or your local Siemens technical support representative.
CISAGov If you have determined that your CentraLink has a “Java communication engine” service, and you require a mitigation, then please contact your Siemens Customer Care Center or your local Siemens technical support representative.
CISAGov Last Update: 12/22/21

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers Cios Flow S1 / Alpha / Spin VA30


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL evaluation ongoing
CISAGov evaluation ongoing
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers Cios Select FD/I.I. VA21 / VA21-S3P


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL evaluation ongoing
CISAGov evaluation ongoing
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers DICOM Proxy VB10A


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL Workaround: remove the vulnerable class from the .jar file
CISAGov Workaround: remove the vulnerable class from the .jar file
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers go.All, Som10 VA20 / VA30 / VA40


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network.
CISAGov Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network.
CISAGov Last Update: 2021-12-22

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers go.Fit, Som10 VA30


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network.
CISAGov Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network.
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers go.Now, Som10 VA10 / VA20 / VA30 / VA40


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network.
CISAGov Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network.
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers go.Open Pro, Som10 VA30 / VA40


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network.
CISAGov Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network.
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers go.Sim, Som10 VA30 / VA40


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network.
CISAGov Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network.
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers go.Top, Som10 VA20 / VA20A_SP5 / VA30 / VA40


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network.
CISAGov Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network.
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers go.Up, Som10 VA10 / VA20 / VA30 / VA40


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network.
CISAGov Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network.
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers MAGNETOM AERA 1,5T, MAGNETOM PRISMA, MAGNETOM PRISMA FIT, MAGNETOM SKYRA 3T NUMARIS/X VA30A


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL “LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for “need to access” systems to network port 8090 in case a second console is connected.”
CISAGov LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for “need to access” systems to network port 8090 in case a second console is connected.
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2022-01-03 13:16:44 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers MAGNETOM Altea NUMARIS/X VA20A


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL “LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for “need to access” systems to network port 8090 in case a second console is connected.”
CISAGov LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for “need to access” systems to network port 8090 in case a second console is connected.
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2022-01-03 13:16:44 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers MAGNETOM ALTEA, MAGNETOM LUMINA, MAGNETOM SOLA, MAGNETOM VIDA NUMARIS/X VA31A


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL “LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for “need to access” systems to network port 8090 in case a second console is connected.”
CISAGov LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for “need to access” systems to network port 8090 in case a second console is connected.
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2022-01-03 13:16:44 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers MAGNETOM Amira NUMARIS/X VA12M


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL “LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for “need to access” systems to network port 8090 in case a second console is connected.”
CISAGov LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for “need to access” systems to network port 8090 in case a second console is connected.
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2022-01-03 13:16:44 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers MAGNETOM Free.Max NUMARIS/X VA40


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL “LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for “need to access” systems to network port 8090 in case a second console is connected.”
CISAGov LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for “need to access” systems to network port 8090 in case a second console is connected.
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2022-01-03 13:16:44 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers MAGNETOM Lumina NUMARIS/X VA20A


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL “LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for “need to access” systems to network port 8090 in case a second console is connected.”
CISAGov LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for “need to access” systems to network port 8090 in case a second console is connected.
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2022-01-03 13:16:44 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers MAGNETOM Sempra NUMARIS/X VA12M


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL “LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for “need to access” systems to network port 8090 in case a second console is connected.”
CISAGov LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for “need to access” systems to network port 8090 in case a second console is connected.
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2022-01-03 13:16:44 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers MAGNETOM Sola fit NUMARIS/X VA20A


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL “LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for “need to access” systems to network port 8090 in case a second console is connected.”
CISAGov LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for “need to access” systems to network port 8090 in case a second console is connected.
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2022-01-03 13:16:44 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers MAGNETOM Sola NUMARIS/X VA20A


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL “LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for “need to access” systems to network port 8090 in case a second console is connected.”
CISAGov LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for “need to access” systems to network port 8090 in case a second console is connected.
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2022-01-03 13:16:44 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers MAGNETOM Vida fit NUMARIS/X VA20A


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL “LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for “need to access” systems to network port 8090 in case a second console is connected.”
CISAGov LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for “need to access” systems to network port 8090 in case a second console is connected.
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2022-01-03 13:16:44 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers MAGNETOM Vida NUMARIS/X VA10A* / VA20A


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL “LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for “need to access” systems to network port 8090 in case a second console is connected.”
CISAGov LOG4J is used in the context of the help system. Workaround: close port 8090 for standalone systems. Setup IP whitelisting for “need to access” systems to network port 8090 in case a second console is connected.
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2022-01-03 13:16:44 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers SENSIS DMCC / DMCM / TS / VM / PPWS / DS VD12A


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL evaluation ongoing
CISAGov evaluation ongoing
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details

Siemens Healthineers Somatom Emotion Som5 VC50


Vendor Data
Community Data Vulnerable

Vendor Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Resources

Resource Link
Siemens Healthineers https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228

Community Notes

Source Note
NCSC-NL CVE-2021-44228: Vulnerable
NCSC-NL evaluation ongoing
CISAGov evaluation ongoing
CISAGov Last Update: 12/22/2021

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated communityVulnerable. Updated community note. Updated community link Siemens Healthineers. Updated community note.
2021-12-30 21:31:50 CISAGov Updated communityVulnerable. Updated vendor link Siemens Healthineers. Updated community note. Updated community note.
Expand Details