QID 590638

Date Published: 2021-12-29

QID 590638: Schneider Electric EcoStruxure IT Gateway Apache Log4j Vulnerability (Log4Shell) (SESB-2021-347-01)

Schneider Electric reports the vulnerability affects the following EcoStruxure IT Gateway versions:
versions 1.5.0 to version 1.13.0

CISA will update this document as more mitigations are identified by affected vendors.

QID Detection Logic (Authenticated):
QID checks for the Vulnerable version of using passive scanning.

Successful exploitation of this vulnerability could allow for unauthenticated remote code execution (RCE) and possibly access to servers.

  • CVSS V3 rated as Critical - 10 severity.
  • CVSS V2 rated as Critical - 9.3 severity.
  • Solution
    Customers are advised to refer to CERT MITIGATIONS section SESB-2021-347-01 for affected packages and patching details.
    Vendor References

    CVEs related to QID 590638

    Software Advisories
    Advisory ID Software Component Link
    SESB-2021-347-01 URL Logo www.se.com/ww/en/download/document/SESB-2021-347-01/