Critical Manufacturing (CM) Sector Partners,
We are please to inform you that CISA and its partners have created a GitHub Repository for its sector partners to immediately identify, mitigate, and update affected products using Log4j to the latest version; and to inform your end users of products that contain these vulnerabilities and strongly urge them to prioritize software updates.
If your organization is running products with Log4j, or to determine whether your organization’s products with Log4j are vulnerable, you are encouraged to follow both verification methods below:
- CISA GitHub Repository: https://github.com/cisagov/log4j-affected-db
- Log4j Scanner Tool: https://github.com/CERTCC/CVE-2021-44228_scanner
For more information on how to run the above mentioned methods, please follow the guidance provided on this page: https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance.
To report any compromises, we encourage you to immediately reach out to CISA and the FBI.
As always, if you have any questions or concerns pertaining to this email, you may reach out to the CM Section Team at criticalmanfacturingsector@cisa.dhs.gov. Thank you.
Kind Regards,
Patti Escatel
Critical Manufacturing Sector
Cybersecurity and Infrastructure Security Agency
Mobile: 202.823.0487 | patti.escatel@cisa.dhs.gov