Important update to our Teamcenter customers regarding Log4j
A vulnerability has been found that impacts Teamcenter installations. The vulnerability (CVE-2021-44228) is in the Apache Log4j package, which is very commonly used in Java applications worldwide.
You can find more information, for example, here:
Based on our estimation, Teamcenter is not in the most vulnerable position, as it is typically deployed in an internal network, protected by firewalls, with limited or zero access to the open internet. However, if it is left unpatched, then in a data breach or malware situation it gives easy access to remote code execution on vulnerable servers.
IDEAL GRP takes all security-related matters extremely seriously. We have deployed a team to coordinate further activities with Siemens and to prepare instructions and tools for you to mitigate or remove the risk from your Teamcenter installation.
Siemens has released a Service Field Bulletin (SFB) on the topic. Please follow it actively, as the affected version list may be updated:
You can already mitigate the risk by following the instructions in that SFB and making sure that your Teamcenter installations are not exposed to the public internet. It is also important that you take action to resolve the vulnerability in your other applications.
The overall process to resolve this matter is closely followed by the IDEAL GRP leadership team and it has the highest priority.