Log4j is a java component that is currently affected by a security vulnerability (CVE-2021-44228), known since Friday 10th December 2021.
The component is not used in SIMATIC WinCC OA versions V3.11 - V3.18, nor in SIMATIC WinCC OA IOT Suite.
The mentioned products are therefore not concerned by this vulnerability.
The component may however be used together with WinCC OA in an Industrial Automation and Control System.
Please contact your integrator/distributor for additional information on protection of your assets.
CVE-2021-44228: Log4Shell / Log4j Remote Code Execution Vulnerability
Search