QID 590619

Date Published: 2021-12-30

QID 590619: Siemens SENTRON Powermanager Apache Log4j Denial of Service (DoS) Vulnerability (SSA-661247) (Log4Shell)

SENTRON Powermanager allows you to meter all your utilities including gas, steam, air and water and set up general condition alarming and pre-event alarms for impending or imminent conditions.
Affected Versions:
SENTRON Powermanager versions 4.1, 4.2

QID Detection Logic: (Authenticated)
This QID checks for the vulnerable version of SENTRON Powermanager.

Successful exploitation of this vulnerability could lead to denial of service.

  • CVSS V3 rated as Critical - 10 severity.
  • CVSS V2 rated as Critical - 9.3 severity.

Solution
Please refer to SENTRON Powermanager for updates pertaining to this vulnerability.

Workaround:
The vendor has advised removing the JndiLookup class from the classpath.

CVEs related to QID 590619

Software Advisories
Advisory ID: 109805602
Link: support.industry.siemens.com/cs/ww/en/view/109805602/