Publication Date: 2021-12-13
Last Update: 2022-06-14
Current Version: V2.9
CVSS v3.1 Base Score: 10.0

Affected Product and Versions / Remediation
Advantage Navigator Energy & Sustainability:
All versions < 2021-12-13
Vulnerability CVE-2021-44228 fixed on central cloud service starting 2021-12-13; no user actions necessary
See further recommendations from section Workarounds and Mitigations
Advantage Navigator Software Proxy V6:
All versions < V6.3
Update to V6.3 or later version
See further recommendations from section Workarounds and Mitigations
Building Operator Discovery Distribution for the Connect X200 Gateway:
All versions < V3.0.30
Update to V3.0.30 or later version
https://support.industry.siemens.com/cs/ww/en/view/109805593/
See further recommendations from section Workarounds and Mitigations
Building Operator Discovery Distribution for the Connect X300 Gateway:
All versions < V3.0.29
Update to V3.0.29 or later version
https://support.industry.siemens.com/cs/ww/en/view/109805593/
See further recommendations from section Workarounds and Mitigations
Building Twin - 360° Viewer:
All versions
Vulnerability CVE-2021-44228 fixed on central cloud service; no user actions necessary
See further recommendations from section Workarounds and Mitigations
Capital V2019.1:
All versions >= V2019.1 SP1912 < V2019.1 SP2204 only if Teamcenter integration feature is used
Update to V2019.1 SP2204 or later version
https://support.sw.siemens.com/en-US/product/861057055/downloads

Find detailed mitigation steps at: https://support.sw.siemens.com/en-US/knowledge-base/MG618363
See further recommendations from section Workarounds and Mitigations
Capital V2020.1:
All versions < 2020.1 SP2202 only if Teamcenter integration feature is used
Update to V2020.1 SP2202 or later version
https://support.sw.siemens.com/en-US/product/861057055/downloads

Find detailed mitigation steps at: https://support.sw.siemens.com/en-US/knowledge-base/MG618363
See further recommendations from section Workarounds and Mitigations
Capital V2021.1:
All versions < V2021.1 SP2202 only if Teamcenter integration feature is used
Update to V2021.1 SP2202 or later version
https://support.sw.siemens.com/en-US/product/861057055/downloads

Find detailed mitigation steps at: https://support.sw.siemens.com/en-US/knowledge-base/MG618363
See further recommendations from section Workarounds and Mitigations
Cerberus DMS:
V5.0, V5.1 with Advanced Reporting EM installed
Remove the JndiLookup class from the classpath. Detailed instructions are available at https://support.industry.siemens.com/cs/ww/en/view/109805562/
See further recommendations from section Workarounds and Mitigations
COMOS:
All versions < V10.4.1 only if Teamcenter PDI feature is used
Update to V10.4.1 and consider the “Notes on using TCCS setup in COMOS 10.4.1.txt”
https://support.industry.siemens.com/cs/ww/en/view/109805632/

Uninstall “Teamcenter Client Communication System (TCCS)” or block both incoming and outgoing connections between the system and the Internet.
See further recommendations from section Workarounds and Mitigations
cRSP:
All versions < V13.17.2
Update to V13.17.2 was deployed on all cRSP services on 2021-12-21; no user actions necessary

Note: Earlier versions of the product contained a vulnerable version of log4j, but no risk for exploitation could be identified.
See further recommendations from section Workarounds and Mitigations
cRSP Operator Client Starter:
All versions < V1.7.18
Update to V1.7.18 or later version, as provided via cRSP V13.17.2 or later version

Note: Earlier versions of the product contained a vulnerable version of log4j, but no risk for exploitation could be identified.
See further recommendations from section Workarounds and Mitigations
Desigo CC:
V3.0, V4.0, V4.1, V4.2 with Advanced Reporting EM installed
Remove the JndiLookup class from the classpath. Detailed instructions are available at https://support.industry.siemens.com/cs/ww/en/view/109805562/
See further recommendations from section Workarounds and Mitigations
Desigo CC:
V5.0, V5.1 with Advanced Reporting or Info Center EM installed
Remove the JndiLookup class from the classpath. Detailed instructions are available at https://support.industry.siemens.com/cs/ww/en/view/109805562/
See further recommendations from section Workarounds and Mitigations
E-Car OC Cloud Application:
All versions < 2021-12-13
Vulnerability CVE-2021-44228 fixed on central cloud service starting 2021-12-13; no user actions necessary
See further recommendations from section Workarounds and Mitigations
Energy Engage:
V3.1
Find detailed remediation and mitigation information on the EnergyIP docs portal at: https://docs.emeter.com/display/public/WELCOME/EnergyIP+Security+Advisory+for+Log4Shell+Vulnerability
See further recommendations from section Workarounds and Mitigations
EnergyIP:
V8.5, V8.6, V8.7, V9.0
Find detailed remediation and mitigation information on the EnergyIP docs portal at: https://docs.emeter.com/display/public/WELCOME/EnergyIP+Security+Advisory+for+Log4Shell+Vulnerability

Note: EnergyIP V8.5 and V8.6 applications are not directly affected, but CAS is.
See further recommendations from section Workarounds and Mitigations
EnergyIP Prepay:
All versions < V3.8.0.12
only affected by CVE-2021-44228
Update to V3.8.0.12 or later version
See further recommendations from section Workarounds and Mitigations
Enlighted Amaze:
All versions < 2021-12-10
Vulnerabilities fixed on central cloud services starting 2021-12-10; no user actions necessary

For Comfy and Enlighted, see also chapter Additional Information below
See further recommendations from section Workarounds and Mitigations
Enlighted Where:
All versions < 2021-12-11
Vulnerabilities fixed on central cloud services starting 2021-12-11; no user actions necessary

For Comfy and Enlighted, see also chapter Additional Information below
See further recommendations from section Workarounds and Mitigations
Geolus Shape Search V10:
All versions >= V10.2
Remove the JndiLookup class from the classpath.

Find detailed remediation and mitigation information at: https://support.sw.siemens.com/en-US/knowledge-base/PL8601468
See further recommendations from section Workarounds and Mitigations
Geolus Shape Search V11:
All versions
Remove the JndiLookup class from the classpath.

Find detailed remediation and mitigation information at: https://support.sw.siemens.com/en-US/knowledge-base/PL8601468
See further recommendations from section Workarounds and Mitigations
GMA-Manager:
All versions >= V8.6.2j.398 < V8.6.2.472
Update to V8.6.2.472 or later version
https://support.industry.siemens.com/cs/ww/en/view/109805665/
See further recommendations from section Workarounds and Mitigations
HEEDS Connect:
All versions
The HEEDS Connect team will contact all impacted customers to deploy a new log4j version. This action will secure your installation against the Log4Shell vulnerability. For further information see: https://support.sw.siemens.com/en-US/knowledge-base/PL8601661
See further recommendations from section Workarounds and Mitigations
HES UDIS:
All versions
Specific fix versions based on V6.0.2 and V6.0.3 were released and deployed for all affected projects
See further recommendations from section Workarounds and Mitigations
Industrial Edge Hub:
All versions < 2021-12-13
Vulnerabilities fixed on central cloud service starting 2021-12-13; no user actions necessary
See further recommendations from section Workarounds and Mitigations
Industrial Edge Management App (IEM-App):
All versions < V1.4.11
Update to V1.4.11 or later version
https://iehub.eu1.edge.siemens.cloud/
See further recommendations from section Workarounds and Mitigations
Industrial Edge Management OS (IEM-OS):
All versions < V1.4.0-42
Update to V1.4.0-42 or later version
https://iehub.eu1.edge.siemens.cloud/
See further recommendations from section Workarounds and Mitigations
jROS for Spectrum Power 4:
V4.70 SP9
Update to V4.70 SP9 Security Patch 1 or later version. Please contact your local Siemens representative.
See further recommendations from section Workarounds and Mitigations
jROS for Spectrum Power 7:
V21Q4
Apply the patch. Please contact your local Siemens representative.
See further recommendations from section Workarounds and Mitigations
Mendix Applications:
All versions
Although the Mendix runtime itself is not vulnerable to this exploit, we nevertheless recommend upgrading log4j-core to the latest available version if log4j-core is part of your project. This advice applies regardless of the JRE/JDK version the app runs on.
https://status.mendix.com/incidents/8j5043my610c
See further recommendations from section Workarounds and Mitigations
MindSphere App Management Cockpits (Developer & Operator):
All versions < 2021-12-16
Vulnerabilities fixed with update on 2021-12-16; no user actions necessary
See further recommendations from section Workarounds and Mitigations
MindSphere Asset Manager:
All versions < 2021-12-16
Vulnerabilities fixed with update on 2021-12-16; no user actions necessary
See further recommendations from section Workarounds and Mitigations
MindSphere Cloud Foundry:
All versions < 2021-12-14
Although the Cloud Foundry environment itself is not vulnerable to this exploit, we nevertheless recommend upgrading log4j-core to the latest available version if log4j-core is part of your project. https://support.sw.siemens.com/en-US/product/268530510/knowledge-base/PL8600797
See further recommendations from section Workarounds and Mitigations
MindSphere Cloud Platform:
All versions < 2021-12-11
Vulnerabilities fixed on central cloud service starting 2021-12-11; no user actions necessary
See further recommendations from section Workarounds and Mitigations
MindSphere IAM (User Management / Settings):
All versions < 2021-12-16
Vulnerabilities fixed with update on 2021-12-16; no user actions necessary
See further recommendations from section Workarounds and Mitigations
MindSphere Integrated Data Lake:
All versions < 2021-12-16
Vulnerabilities fixed with update on 2021-12-16; no user actions necessary
See further recommendations from section Workarounds and Mitigations
MindSphere Notification Service:
All versions < 2021-12-16
Vulnerabilities fixed with update on 2021-12-16; no user actions necessary
See further recommendations from section Workarounds and Mitigations
MindSphere Predictive Learning:
All versions < 2021-12-23
Vulnerabilities fixed with update on 2021-12-23; no user actions necessary
See further recommendations from section Workarounds and Mitigations
MindSphere Usage Transparency Service:
All versions < 2021-12-16
Vulnerabilities fixed with update on 2021-12-16; no user actions necessary
See further recommendations from section Workarounds and Mitigations
MindSphere Visual Explorer:
All versions < 2021-12-21
Vulnerabilities fixed with update on 2021-12-21; no user actions necessary
See further recommendations from section Workarounds and Mitigations
NX 1953 Series:
All versions < V1973.4340
Update to V1973.4340 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600959
See further recommendations from section Workarounds and Mitigations
NX 1980 Series:
All versions < V2000.3400
Update to V2000.3400 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600959
See further recommendations from section Workarounds and Mitigations
NX 2007 Series:
All versions < V2008
Update to V2008 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600959
See further recommendations from section Workarounds and Mitigations
NXpower Monitor:
All versions < 2021-12-19
Vulnerabilities fixed on central cloud service starting 2021-12-19; no user actions necessary
See further recommendations from section Workarounds and Mitigations
Opcenter EX CP Process Automation Control:
All versions >= V17.2.3 < V18.1
Update to V18.1 or later version to fix CVE-2021-44228
See further recommendations from section Workarounds and Mitigations
Opcenter Execution Core Process Automation Control:
All versions >= V17.2.3 < V18.1
Update to V18.1 or later version to fix CVE-2021-44228
See further recommendations from section Workarounds and Mitigations
Opcenter Intelligence:
All versions >= V3.2 < V3.5 only OEM version that ships Tableau
Update to V3.5 or later version
https://support.sw.siemens.com/
See further recommendations from section Workarounds and Mitigations
Operation Scheduler:
All versions >= V1.1.3
Update the UAA component to V75.8.3
https://support.industry.siemens.com/cs/ww/en/view/109805673/
See further recommendations from section Workarounds and Mitigations
SENTRON powermanager V4:
V4.1, V4.2
Remove the JndiLookup class from the classpath. Detailed instructions are available at https://support.industry.siemens.com/cs/ww/en/view/109805602/
See further recommendations from section Workarounds and Mitigations
SIGUARD DSA:
All versions >= 4.2 < 4.4.1
Update to V4.4.1 or later version
See further recommendations from section Workarounds and Mitigations
SIMATIC IPC647D:
All versions with affected Adaptec RAID
Follow the remediation steps documented at https://ask.adaptec.com/app/answers/detail/a_id/17527/

Stop and disable autostart for maxView Storage Manager WebServer. Note: This software is not required for the underlying RAID to work
Disable ports 8080/tcp and 8443/tcp in the firewall configuration of the IPC
See further recommendations from section Workarounds and Mitigations
SIMATIC IPC647E:
All versions with affected Adaptec RAID
Update the driver for the SmartRAID controller to V2.6.6 or later version, available at https://storage.microsemi.com/en-us/support/raid/sas_raid/asr-3151-4i/

Stop and disable autostart for maxView Storage Manager WebServer. Note: This software is not required for the underlying RAID to work
Disable ports 8080/tcp and 8443/tcp in the firewall configuration of the IPC
See further recommendations from section Workarounds and Mitigations
SIMATIC IPC847D:
All versions with affected Adaptec RAID
Follow the remediation steps documented at https://ask.adaptec.com/app/answers/detail/a_id/17527/

Stop and disable autostart for maxView Storage Manager WebServer. Note: This software is not required for the underlying RAID to work
Disable ports 8080/tcp and 8443/tcp in the firewall configuration of the IPC
See further recommendations from section Workarounds and Mitigations
SIMATIC IPC847E:
All versions with affected Adaptec RAID
Update the driver for the SmartRAID controller to V2.6.6 or later version, available at https://storage.microsemi.com/en-us/support/raid/sas_raid/asr-3151-4i/

Stop and disable autostart for maxView Storage Manager WebServer. Note: This software is not required for the underlying RAID to work
Disable ports 8080/tcp and 8443/tcp in the firewall configuration of the IPC
See further recommendations from section Workarounds and Mitigations
SIMATIC IPC1047:
All versions with affected Adaptec RAID
Update the driver for the SmartRAID controller to V2.6.6 or later version, available at https://storage.microsemi.com/en-us/support/raid/sas_raid/asr-3151-4i/

Stop and disable autostart for maxView Storage Manager WebServer. Note: This software is not required for the underlying RAID to work
Disable ports 8080/tcp and 8443/tcp in the firewall configuration of the IPC
See further recommendations from section Workarounds and Mitigations
SIMATIC IPC1047E:
All versions with affected Adaptec RAID
Update the driver for the SmartRAID controller to V2.6.6 or later version, available at https://storage.microsemi.com/en-us/support/raid/sas_raid/asr-3151-4i/

Stop and disable autostart for maxView Storage Manager WebServer. Note: This software is not required for the underlying RAID to work
Disable ports 8080/tcp and 8443/tcp in the firewall configuration of the IPC
See further recommendations from section Workarounds and Mitigations
Simcenter 3D:
All versions < 2022.1-2008
Update to 2022.1-2008 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8603477

Find detailed remediation and mitigation information at: https://support.sw.siemens.com/en-US/knowledge-base/PL8601203
See further recommendations from section Workarounds and Mitigations
Simcenter Amesim:
All versions only if Teamcenter integration feature is used
Update Teamcenter to any fix version available for the different version lines of Teamcenter, see https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
https://support.sw.siemens.com/en-US/knowledge-base/PL8601572
See further recommendations from section Workarounds and Mitigations
Simcenter System Architect:
All versions only if Teamcenter integration feature is used
Update Teamcenter to any fix version available for the different version lines of Teamcenter, see https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
https://support.sw.siemens.com/en-US/knowledge-base/PL8601662
See further recommendations from section Workarounds and Mitigations
Simcenter System Simulation Client for Git:
All versions < V2021.2.2
Update to V2021.2.2 or later version
https://support.sw.siemens.com

Find detailed mitigation steps for both server and client installations at: https://support.sw.siemens.com/en-US/knowledge-base/PL8602538
See further recommendations from section Workarounds and Mitigations
Simcenter Testlab:
All versions >= 2021.1
Follow the remediation steps documented at: https://support.sw.siemens.com/en-US/knowledge-base/PL8602466
See further recommendations from section Workarounds and Mitigations
Simcenter Testlab Data Management:
All versions
The Simcenter Testlab Data Management team will contact all impacted customers to deploy the mitigation measures. This action will secure your installation against the Log4Shell vulnerability. For further information see: https://support.sw.siemens.com/en-US/knowledge-base/PL8601418
See further recommendations from section Workarounds and Mitigations
SiPass integrated V2.80:
All versions
Apply the patch
https://support.industry.siemens.com/cs/ww/en/view/109805711/
See further recommendations from section Workarounds and Mitigations
SiPass integrated V2.85:
All versions < V2.85.7.5
Update to V2.85.7.5 or later version
https://support.industry.siemens.com/cs/ww/en/view/109801507/
See further recommendations from section Workarounds and Mitigations
Siveillance Command:
All versions >= V4.16.2.1
Vulnerabilities fixed for Command installations on a project basis; no user actions necessary
See further recommendations from section Workarounds and Mitigations
Siveillance Control Pro V2.1:
All versions
A hotfix is available; please contact customer support to receive the hotfix
See further recommendations from section Workarounds and Mitigations
Siveillance Control Pro V2.2:
All versions < V2.2.7
Update to V2.2.7 or later version; please contact customer support to receive the latest version
See further recommendations from section Workarounds and Mitigations
Siveillance Control Pro V2.3:
All versions < V2.3.2
Update to V2.3.2 or later version; please contact customer support to receive the latest version
See further recommendations from section Workarounds and Mitigations
Siveillance Identity V1.5:
All versions
Update to V1.5 SP4 and apply the patch
https://support.industry.siemens.com/cs/ww/en/view/109805657/
See further recommendations from section Workarounds and Mitigations
Siveillance Identity V1.6:
All versions
Update to V1.6 SP1 and apply the patch
https://support.industry.siemens.com/cs/ww/en/view/109805657/
See further recommendations from section Workarounds and Mitigations
Siveillance Vantage:
All versions
Vulnerabilities fixed for Vantage installations on a project basis; no user actions necessary
See further recommendations from section Workarounds and Mitigations
Solid Edge CAM Pro:
All versions < V2008
Update to V2008 or later version
https://support.sw.siemens.com/
See further recommendations from section Workarounds and Mitigations
Solid Edge Wiring and Harness Design:
All versions >= V2020 SP2002 < V2022 SP2202 only if Teamcenter integration feature is used
Update to V2022 SP2202 or later version
https://support.sw.siemens.com/en-US/product/246738425/downloads

Find detailed mitigation steps at: https://support.sw.siemens.com/en-US/knowledge-base/MG618363
See further recommendations from section Workarounds and Mitigations
Spectrum Power 4:
All versions >= V4.70 SP8 < V4.70 SP9 Security Patch 1
Update to V4.70 SP9 and apply Security Patch 1. Please contact your local Siemens representative.
See further recommendations from section Workarounds and Mitigations
Spectrum Power 7:
All versions >= V2.30 SP2
Update to V21Q4 and apply the patch. Please contact your local Siemens representative.
See further recommendations from section Workarounds and Mitigations
Teamcenter Active Workspace V4.3:
All versions < V4.3.13
Update to V4.3.13 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter Active Workspace V5.0:
All versions < V5.0.11
Update to V5.0.11 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter Active Workspace V5.1:
All versions < V5.1.8
Update to V5.1.8 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter Active Workspace V5.2:
All versions < V5.2.6
Update to V5.2.6 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter Deployment Center V4.0:
All versions < V4.0.3
Update to V4.0.3 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter Deployment Center V4.1:
All versions < V4.1.1.1
Update to V4.1.1.1 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter Deployment Center V4.2:
All versions < V4.2.0.2
Update to V4.2.0.2 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter EDA V5.1:
All versions < V5.1.5
Update to V5.1.5 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter EDA V5.2:
All versions < V5.2.3
Update to V5.2.3 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter Integration for CATIA:
All versions < 13.0.1.2
Update to V13.0.1.2 or later version
https://support.sw.siemens.com/knowledge-base/PL8602463
See further recommendations from section Workarounds and Mitigations
Teamcenter Integration Framework V3.3:
All versions <= V3.3.0.7
Update to V3.3.0.7 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter Integration Framework V4.0:
All versions <= V4.0.0.2
Update to V4.0.0.2 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter Integration Framework V13.0:
All versions <= V13.0.0.2
Update to V13.0.0.2 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter Integration Framework V13.1:
All versions <= V13.1.0.1
Update to V13.1.0.1 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter Integration Framework V13.2:
All versions <= V13.2.0.1
Update to V13.2.0.1 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter MBSE Gateway V4.1:
All versions < V4.1.2
Update to V4.1.2 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter MBSE Gateway V4.2:
All versions < V4.2.3
Update to V4.2.3 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter MBSE Gateway V4.3:
All versions < V4.3.3
Update to V4.3.3 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter MBSE Gateway V5.0:
All versions < V5.0.6
Update to V5.0.6 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter MBSE Gateway V5.1:
All versions < V5.1.5
Update to V5.1.5 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter MBSE Gateway V5.2:
All versions < V5.2.4
Update to V5.2.4 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter Microservices Framework V5.1:
All versions < V5.1.8
Update to V5.1.8 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter Microservices Framework V5.2:
All versions < V5.2.6
Update to V5.2.6 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter Reporting and Analytics V11:
All versions >= V11.3
Remove the JndiLookup class from the classpath.

Find detailed remediation and mitigation information at: https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter Reporting and Analytics V12.2:
All versions < V12.2.8
Update to V12.2.8 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter Reporting and Analytics V12.3:
All versions < V12.3.11
Update to V12.3.11 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter Reporting and Analytics V12.4:
All versions < V12.4.1
Update to V12.4.1 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter Reporting and Analytics V13:
All versions < V13.2.1.1
Update to V13.2.1.1 or V13.3.0.0 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter Technical Publishing:
All versions >= V2.10 < V13.0.1
Update to V13.0.1 or later version
https://support.sw.siemens.com/knowledge-base/PL8612040
See further recommendations from section Workarounds and Mitigations
Teamcenter V12.1:
All versions < V12.1.0.14
Update to V12.1.0.14 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter V12.2:
All versions < 12.2.0.18
Update to V12.2.0.18 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter V12.3:
All versions < V12.3.0.15
Update to V12.3.0.15 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter V12.4:
All versions < V12.4.0.12
Update to V12.4.0.12 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter V13.0:
All versions < V13.0.0.9
Update to V13.0.0.9 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter V13.1:
All versions < V13.1.0.8
Update to V13.1.0.8 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter V13.2:
All versions < V13.2.0.6
Update to V13.2.0.6 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Teamcenter V13.3:
All versions < V13.3.0.1
Update to V13.3.0.1 or later version
https://support.sw.siemens.com/en-US/knowledge-base/PL8600700
See further recommendations from section Workarounds and Mitigations
Tecnomatix eBOP Manager Server:
V14.1, V15.0, V15.1, V15.1.2, V16.0, V16.0.1, V16.0.2, V16.1, V16.1.1, V16.1.2
Apply the hotfix
https://support.sw.siemens.com/en-US/knowledge-base/PL8602057
See further recommendations from section Workarounds and Mitigations
Tecnomatix Intosite:
All versions
Vulnerabilities fixed on central cloud service; no user actions necessary
See further recommendations from section Workarounds and Mitigations
Tecnomatix Plant Simulation:
V15.0, V16.0, V16.1 only if TCCS is installed
Download and install the updated TCCS setup from the Siemens Support Center; for details see https://support.sw.siemens.com/knowledge-base/PL8615527
See further recommendations from section Workarounds and Mitigations
Tecnomatix Process Designer:
All versions >= V14.1
Apply the hotfix, available for versions V14.1, V15.0, V15.1, V15.1.2, V16.0, V16.0.1, V16.0.2, V16.1, V16.1.1, V16.1.2
https://support.sw.siemens.com/en-US/knowledge-base/PL8602057
See further recommendations from section Workarounds and Mitigations
Tecnomatix Process Simulate:
All versions >= V14.1
Apply the hotfix, available for versions V14.1, V15.0, V15.1, V15.1.2, V16.0, V16.0.1, V16.0.2, V16.1, V16.1.1, V16.1.2
https://support.sw.siemens.com/en-US/knowledge-base/PL8602057
See further recommendations from section Workarounds and Mitigations
Tecnomatix Process Simulate VCLite:
All versions >= V14.1
Apply the hotfix, available for versions V14.1, V15.0, V15.1, V15.1.2, V16.0, V16.0.1, V16.0.2, V16.1, V16.1.1, V16.1.2
https://support.sw.siemens.com/en-US/knowledge-base/PL8602057
See further recommendations from section Workarounds and Mitigations
Tecnomatix RobotExpert:
All versions >= V14.1
Apply the hotfix, available for versions V14.1, V15.0, V15.1, V15.1.2, V16.0, V16.0.1, V16.0.2, V16.1, V16.1.1, V16.1.2
https://support.sw.siemens.com/en-US/knowledge-base/PL8602057
See further recommendations from section Workarounds and Mitigations
Valor Parts Library - VPL Direct:
V6.0, V6.1
Vulnerabilities fixed on remote VPL server; no user actions necessary
See further recommendations from section Workarounds and Mitigations
Valor Parts Library - VPL Server or Service:
V6.0, V6.1
Remove the JndiLookup class from the classpath.

Find detailed remediation and mitigation information at: https://support.sw.siemens.com/knowledge-base/MG618362
See further recommendations from section Workarounds and Mitigations
VeSys V2019.1:
All versions >= 2019.1 SP1912 only if Teamcenter integration feature is used
Currently no fix is planned
Find detailed mitigation steps at: https://support.sw.siemens.com/en-US/knowledge-base/MG618363
See further recommendations from section Workarounds and Mitigations
VeSys V2020.1:
All versions < V2020.1 SP2202 only if Teamcenter integration feature is used
Update to V2020.1 SP2202 or later version
https://support.sw.siemens.com/en-US/product/852852123/downloads

Find detailed mitigation steps at: https://support.sw.siemens.com/en-US/knowledge-base/MG618363
See further recommendations from section Workarounds and Mitigations
VeSys V2021.1:
All versions < V2021.1 SP2202 only if Teamcenter integration feature is used
Update to V2021.1 SP2202 or later version
https://support.sw.siemens.com/en-US/product/852852123/downloads

Find detailed mitigation steps at: https://support.sw.siemens.com/en-US/knowledge-base/MG618363
See further recommendations from section Workarounds and Mitigations
Xpedition Enterprise (XCR) VX.2.10:
All versions < VX.2.10 Update 4
Update to VX.2.10 Update 4 or later version
https://support.sw.siemens.com/en-US/product/1644094854/download/202201034

Additional information is available at https://support.sw.siemens.com/en-US/product/1644094854/knowledge-base/MG618343
See further recommendations from section Workarounds and Mitigations
Xpedition Enterprise VX.2.6:
All versions
Apply the hotfix
https://support.sw.siemens.com/en-US/product/1644094854/knowledge-base/MG618343
See further recommendations from section Workarounds and Mitigations
Xpedition Enterprise VX.2.7:
All versions < VX.2.7 Update 19
Update to VX.2.7 Update 19 or later version
https://support.sw.siemens.com/en-US/product/852852130/download/202201039

Additional information is available at https://support.sw.siemens.com/en-US/product/1644094854/knowledge-base/MG618343
See further recommendations from section Workarounds and Mitigations
Xpedition Enterprise VX.2.8:
All versions < VX.2.8 Update 13
Update to VX.2.8 Update 13 or later version
https://support.sw.siemens.com/en-US/product/852852130/download/202201037

Additional information is available at https://support.sw.siemens.com/en-US/product/1644094854/knowledge-base/MG618343
See further recommendations from section Workarounds and Mitigations
Xpedition Enterprise VX.2.10:
All versions < VX.2.10 Update 4
Update to VX.2.10 Update 4 or later version
https://support.sw.siemens.com/en-US/product/852852130/download/202201033

Additional information is available at https://support.sw.siemens.com/en-US/product/1644094854/knowledge-base/MG618343
See further recommendations from section Workarounds and Mitigations
Xpedition IC Packaging (XCR) VX.2.10:
All versions < VX.2.10 Update 4
Update to VX.2.10 Update 4 or later version
https://support.sw.siemens.com/en-US/product/1644094857/download/202201036

Additional information is available at https://support.sw.siemens.com/en-US/product/1644094854/knowledge-base/MG618343
See further recommendations from section Workarounds and Mitigations
Xpedition IC Packaging VX.2.6:
All versions
Apply the hotfix
https://support.sw.siemens.com/en-US/product/1644094854/knowledge-base/MG618343
See further recommendations from section Workarounds and Mitigations
Xpedition IC Packaging VX.2.7:
All versions < VX.2.7 Update 19
Update to VX.2.7 Update 19 or later version
https://support.sw.siemens.com/en-US/product/1091814625/download/202201040

Additional information is available at https://support.sw.siemens.com/en-US/product/1644094854/knowledge-base/MG618343
See further recommendations from section Workarounds and Mitigations
Xpedition IC Packaging VX.2.8:
All versions < VX.2.8 Update 13
Update to VX.2.8 Update 13 or later version
https://support.sw.siemens.com/en-US/product/1091814625/download/202201038

Additional information is available at https://support.sw.siemens.com/en-US/product/1644094854/knowledge-base/MG618343
See further recommendations from section Workarounds and Mitigations
Xpedition IC Packaging VX.2.10:
All versions < VX.2.10 Update 4
Update to VX.2.10 Update 4 or later version
https://support.sw.siemens.com/en-US/product/1091814625/download/202201035

Additional information is available at https://support.sw.siemens.com/en-US/product/1644094854/knowledge-base/MG618343
See further recommendations from section Workarounds and Mitigations

CVSS v3.1 Base Score: 10.0
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE: CWE-20: Improper Input Validation

CVSS v3.1 Base Score: 9.0
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
CWE: CWE-20: Improper Input Validation

https://www.siemens.com/cert/advisories