0
- No products in the cart.
Siemens Software news & updates can be found here.
Still have questions? Contact us anytime and one of our experts will be happy to help!
Powered in Partnership with Dell, exclusive for Swoosh Customers
Executing game-changing designs starts with innovative products and solutions. Swoosh Technologies has partnered with Dell Technologies to provide specialized hardware configurations for NX users.
New Siemens Support Center
The newly launched tool offers a personalized Support experience, providing quick access to all the product resources customers need to maximize their product investment.
Apache Log4j Vulnerability Impact on Solid Edge
On 09-Dec-2021, a vulnerability in Apache Log4j (a logging tool used in many Java-based applications) was disclosed, that could allow remote unauthenticated attackers to execute code on vulnerable systems. The vulnerability is tracked as CVE-2021-44228 and is also known as "Log4Shell".
DETAILS
At this time, the impact on Solid Edge and its Portfolio suite of tools is limited to the Teamcenter Integration for Solid Edge Wiring & Harness Design and Solid Edge CAM Pro. The rest of our Solid Edge product suite remains unaffected. The following contains the vulnerable version (2.x.x) of Apache Log4j:Solid Edge Wiring Harness Design (SEWHD)- 2020 SP2002 or later- 2021 – all versions- 2022 – all versionsSolid Edge CAM Pro (SECP)- 2020 – all versions- 2021 – all versions- 2022 – all versionsNote: Older Log4j files (Log4j versions 1.x.x ) found within other Solid Edge add-on applications, such as Geolus, do not contain the vulnerable JndiLookup.class and therefore are unaffected by the vulnerability. Workarounds and MitigationsThe Vulnerable Component, log4j-core.jar, is located at the following locations:SEWHD- <Install Drive>:Program FilesSiemensSolid Edge Wiring and Harness Design 2022libteamcenterextraslog4j-core.jarSECP 2020- <Install Drive>:Program FilesSiemensSolid Edge CAM ProUGMANAGERsoatc12000.4.0log4j-core-2.13.0.jar contains Log4J-2.x- <Install Drive>:Program FilesSiemensSolid Edge CAM ProUGMANAGERtccsthird_partyTcSSTcSS12.4jarslog4j-core-2.13.0.jarSECP 2021- <Install Drive>:Program FilesSiemensSolid Edge CAM Pro 1980UGMANAGERsoatc13000.2.0log4j-core-2.14.0.jar- <Install Drive>:Program FilesSiemensSolid Edge CAM Pro 1980UGMANAGERtccsthird_partymldtc13.1.0.0.2020062600log4j-core-2.13.0.jar- <Install Drive>:Program FilesSiemensSolid Edge CAM Pro 1980UGMANAGERtccsthird_partyTcSSTcSS13.1jarslog4j-core-2.13.0.jarSECP 2022- <Install Drive>:Program FilesSiemensSolid Edge CAM Pro 2007UGMANAGERsoatc13000.3.0log4j-core-2.14.0.jar- <Install Drive>:Program FilesSiemensSolid Edge CAM Pro 2007UGMANAGERtccsthird_partymldtc13.2.0.0.2021012502log4j-core-2.14.0.jar- <Install Drive>:Program FilesSiemensSolid Edge CAM Pro 2007UGMANAGERtccsthird_partyTcSSTcSS13.2jarslog4j-core-2.14.0.jarPlease apply the mitigation stated in the following Teamcenter Suite knowledgebase article. The steps involve removing a file from the above mentioned log4j-core.jar file whose functionality is unused (org/apache/logging/log4j/core/lookup/JndiLookup.class)https://support.sw.siemens.com/en-US/knowledge-base/PL8600700We are working with the Teamcenter product team to ensure we integrate the main fix as soon as it is qualified and made available.Please continue to watch this article for future updates
