PTC's remediation strategy
All product remediation actions provided by PTC apply to current and actively supported software versions. However, the remediation steps for these versions are similar or identical to earlier versions that leverage Log4j v1 or v2 and are no longer actively supported by PTC.
PTC strongly encourages customers on non-supported versions to take similar actions to protect their infrastructure and should not assume that previous versions of the software are not impacted by the vulnerabilities. Notably, PTC provides numerous security and performance-related improvements as we release new versions of our software. PTC strongly advocates for customers to leverage supported versions at their earliest opportunity to take advantage of these improvements and have the strongest possible security posture.
PTC believes that addressing cybersecurity threats is a shared responsibility across software providers, customers and active users of the software, partners and software integrators, governments and regulators, and more. PTC remains committed to fulfilling its role as a software provider in this shared responsibility model and strongly encourages other groups – including customers and active users – to fulfill theirs.
Recommended remediation by core product
AdaWorld
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated December 15, 2021 at 8:08 p.m.
ApexAda
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated December 15, 2021 at 8:08 p.m.
Arena
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated December 14, 2021 at 11:45 p.m.
Atlas
Resolved, 5:30 AM EST Friday, December 10, 2021.
Arbortext
https://www.ptc.com/en/support/article/CS358998
Updated December 15, 2021 at 9:45 a.m.
Arbortext Content Delivery
https://www.ptc.com/en/support/article/CS358957
Updated December 23, 2021 at 9:33 a.m.
Arbortext IsoDraw
Not vulnerable to Log4j CVE-2021-44228 vulnerability. Refer to CS358831 for impacts related to the Creo License Server: https://www.ptc.com/en/support/article/CS358831
Updated January 14, 2022 at 9:45 a.m.
Axeda
https://www.ptc.com/en/support/article/CS358990
Updated December 14, 2021 at 11:45 p.m.
CADDS5
https://www.ptc.com/en/support/article/CS359313
Updated December 17, 2021 at 4:11 p.m.
Creo Direct
https://www.ptc.com/en/support/article/CS358831
Updated January 14, 2022 at 9:45 a.m.
Creo Elements Direct
https://www.ptc.com/en/support/article/CS358965
Updated December 22, 2021 at 9:22 a.m.
Creo Generative Design
Not vulnerable to Log4j CVE-2021-44228 vulnerability. No further action required.
Updated December 15, 2021 at 8:08 a.m.
Creo Illustrate
Not vulnerable to Log4j CVE-2021-44228 vulnerability. Refer to CS358831 for impacts related to the Creo License Server: https://www.ptc.com/en/support/article/CS358831
Updated January 14, 2022 at 9:45 a.m.
Creo Layout
https://www.ptc.com/en/support/article/CS358831
Updated January 14, 2022 at 9:45 a.m.
Creo Parametric
https://www.ptc.com/en/support/article/CS358831
https://www.ptc.com/en/support/article/CS359127
https://www.ptc.com/en/support/article/CS360340
Updated January 14, 2022 at 9:45 a.m.
Creo Schematics
https://www.ptc.com/en/support/article/CS358831
Updated January 14, 2022 at 9:45 a.m.
Creo Simulate
https://www.ptc.com/en/support/article/CS358831
Updated January 14, 2022 at 9:45 a.m.
Creo View
Not vulnerable to Log4j CVE-2021-44228 vulnerability. Refer to CS358831 for impacts related to the Creo License Server: https://www.ptc.com/en/support/article/CS358831
Updated January 14, 2022 at 9:45 a.m.
Creo View Adapters
https://www.ptc.com/en/support/article/CS359116
Updated December 22, 2021 at 9:22 a.m.
Empower
Not vulnerable to Log4j CVE-2021-44228 vulnerability.
Updated December 16, 2021 at 3:50 p.m.
iWarranty
Warranty analytics (Service Intelligence) uses IBM Cognos. Please refer to the Cognos section below under "3rd Party Tools/Products" for more details. All other modules are not vulnerable to Log4j CVE-2021-44228 vulnerability.
Updated December 17, 2021 at 9:11 a.m.
Kepware
https://www.ptc.com/en/support/article/CS358996
Updated December 15, 2021 at 8:45 a.m.
Mathcad
https://www.ptc.com/en/support/article/CS358831
Updated January 14, 2022 at 9:45 a.m.
MKS Implementer
https://www.ptc.com/en/support/article/CS359084
Updated December 17, 2021 at 4:19 p.m.
MKS Toolkit
https://www.ptc.com/en/support/article/CS359123
Updated December 17, 2021 at 4:15 p.m.
MOVE
https://www.ptc.com/en/support/article/CS359320
Updated December 17, 2021 at 5:26 p.m.
ObjectAda
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated December 15, 2021 at 8:08 p.m.
Onshape
Resolved 9:30 AM EST Friday, December 10, 2021.
Updated December 14, 2021 at 11:45 p.m.
Optegra
https://www.ptc.com/en/support/article/CS359312
Updated December 17, 2021 at 4:12 p.m.
Perc
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated December 14, 2021 at 11:45 p.m.
PTC Modeler
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated December 14, 2021 at 11:45 p.m.
PTC X/Server
https://www.ptc.com/en/support/article/CS359314
Updated December 17, 2021 at 4:17 p.m.
Service Knowledge Diagnostics (SKD)
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated April 29, 2024 at 6:45 p.m.
Servigistics
https://www.ptc.com/en/support/article/CS358886
Updated December 21, 2021 at 11:41 a.m.
TeleUSE
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated December 15, 2021 at 8:08 p.m.
ThingWorx Analytics
https://www.ptc.com/en/support/article/CS358901
Updated December 15, 2021 at 9:45 a.m.
ThingWorx Platform
https://www.ptc.com/en/support/article/CS358901
Updated December 14, 2021 at 11:58 p.m.
Vuforia Chalk
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated December 14, 2021 at 11:45 p.m.
Vuforia Engine SDK
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated December 14, 2021 at 11:45 p.m.
Vuforia Engine Server
Resolved 9:28 AM PST Friday, December 14, 2021.
Updated December 16, 2021 at 12:56 p.m.
Vuforia Expert Capture
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated December 14, 2021 at 11:45 p.m.
Vuforia Instruct
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated December 14, 2021 at 11:45 p.m.
Vuforia Studio
Not vulnerable to Log4j CVE2021-44228 vulnerability. This update Includes Vuforia Experience Service and Vuforia View.
Updated December 17, 2021 at 12:08 p.m.
Webship
https://www.ptc.com/en/support/article/CS359321
Updated December 17, 2021 at 5:26 p.m.
Windchill Asset Library
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated December 17, 2021 at 12:09 p.m.
Windchill Navigate
https://www.ptc.com/en/support/article/CS359107
Updated December 14, 2021 at 5 p.m.
Windchill PLM and FlexPLM
https://www.ptc.com/en/support/article/CS358789
Updated January 12, 2022 at 9:17 a.m. EST
Windchill Process Director
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated December 21, 2021 at 4:32 p.m.
Windchill Product Analytics
Not vulnerable to Log4j 2.x vulnerabilities CVE-2021-44228 & CVE 2021-45046. Not vulnerable to Log4j 1.x vulnerability CVE-2021-4104.
Updated December 17, 2021 at 4:07 p.m.
Windchill Requirements Connector
https://www.ptc.com/en/support/article/CS358984
Updated December 20, 2021 at 11:37 a.m.
Windchill Risk and Reliability (Formerly Windchill Quality Solutions)
Not vulnerable to Log4j CVE-2021-44228 vulnerability. Refer to CS358831 for impacts related to the PTC License server:
https://www.ptc.com/en/support/article/CS358831
Updated January 14, 2022 at 9:45 a.m.
Windchill RV&S
https://www.ptc.com/en/support/article/CS358804
Updated December 14, 2021 at 11:58 p.m.
X32Plus
Not vulnerable to Log4j CVE2021-44228 vulnerability.
Updated December 15, 2021 at 8:08 p.m.
PTC cloud
In response to the Log4j security vulnerabilities, PTC Cloud fully committed to applying all formally recommended actions to protect against Apache Log4j 2 CVE-2021-44228 and CVE 2021-45046 across all technology vectors supported as part of our Cloud service.
As part of that commitment, we completely aligned with PTC’s various R&D organizations. As applicable and based on the latest published recommendations, we proactively and expeditiously executed required actions to best protect our customers against security threats.
PTC Cloud’s remediation actions can be found in our most recent published articles referenced under Cloud Products and Cloud 3rd Party sections below.
Across all technology platforms supported as part of our Cloud service, PTC Cloud has taken remediation actions to protect against all known critical vulnerabilities.
If you have any questions or concerns, please send your inquires to cloudservicemanagement@ptc.com and we will respond to you as soon as possible.
PTC Core Products
- Servigistics
- https://www.ptc.com/en/support/article/CS359570
- Windchill PLM and FlexPLM
- https://www.ptc.com/en/support/article/CS359518
PTC Cloud 3rd Party Products/Tools
- PLM – Ping Federate, Cognos, Solr, APE, AEM
- https://www.ptc.com/en/support/article/CS359518
- Axeda – Cognos
- https://www.ptc.com/en/support/article/CS359520
- IoT – Ping Federate
- https://www.ptc.com/en/support/article/CS359524
Recommended remediation by 3rd party products/tools
Adobe Experience Manager (AEM)
https://www.ptc.com/en/support/article/CS359116
Updated December 22, 2021 at 9:22 a.m.
Cognos
Refer to the IBM published update page for reported impacts and recommended remediation steps: An update on the Apache Log4j CVE-2021-44228 vulnerability
To address any immediate concerns, Cognos may be turned off until more details are confirmed. Report generation will be disabled until resolved. All other product functionality will remain normal.
- Windchill and Cognos: https://www.ptc.com/en/support/article/CS359007
Updated December 21, 2021 at 10:28 a.m.
Performance Advisor (Dynatrace App Mon)
https://www.dynatrace.com/news/blog/how-dynatrace-uses-dynatrace-to-combat-the-log4j-vulnerability
Updated: January 13, 2022
Ping Federate
https://www.ptc.com/en/support/article/CS358902
Updated December 14, 2021 at 11:58 p.m.
Solr
Refer to the Apache Solr published advisory for Solr related impacts and recommended remediation steps: Apache Solr affected by Apache Log4J CVE-2021-44228
To address any immediate concerns, Solr may be turned off until more details are confirmed. Index Search will be disabled until resolved. All other product functionality will remain normal.
- Windchill and Solr: https://www.ptc.com/en/support/article/CS359011
Updated December 21, 2021 at 4:32 p.m.
TIBCO
Refer to the TIBCO published article for TIBCO reported impacts and recommended remediation steps: Apache Log4J Vulnerability and Impact to TIBCO Products and Services
- Windchill and TIBCO: https://www.ptc.com/en/support/article/CS359008
Updated April 17, 2024 at 2:30 p.m.