A critical security vulnerability was identified in the Apache Log4j library. Log4j is an open-source logging utility used in many Java applications. The security flaw could allow remote unauthenticated attackers to execute code on vulnerable systems.
We thoroughly analyzed our product portfolio, and we firmly concluded that the flaw does not affect our general platform. Only one connector which needs to be activated separately and has only been implemented in a few projects worldwide might pose a risk. Customers affected have been addressed separately via E-Mail.
For more information regarding the vulnerability, please follow Siemens CERT here.