[ISS Support Case] Log4j Vulnerability
Last updated: October 17th, 2025

Description

Rapid7 is showing these 4 vulnerabilities on the 2 Wonderware servers in Magnolia:

- Apache Log4j Core: CVE-2021-44228: JNDI support has not restricted what names could be resolved allowing remote code execution
- Apache Log4j Core: CVE-2021-44832: Apache Log4j2 Remote Code Execution
- Apache Log4j Core: CVE-2021-45046: Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations
- Apache Log4j Core: CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation

The file locations are as below:

- 10.25.16.82, am112v1582, Microsoft Windows Server 2016 Standard Edition 1607, AM112 - Mills - Magnolia - Process Network, 1/26/2022
  Vulnerable software installed: Apache Log4j Core 2.11.1 (C:\Program Files (x86)\Wonderware\HistorianSearch\elasticsearch-6.7.0\lib\log4j-core-2.11.1.jar)
- 10.25.16.75, am112v1575.cmc.com, Microsoft Windows Server 2016 Standard Edition 1607, AM112 - Mills - Magnolia - Process Network, 1/24/2022
  Vulnerable software installed: Apache Log4j Core 2.11.1 (C:\Program Files (x86)\Wonderware\HistorianSearch\elasticsearch-6.7.0\lib\log4j-core-2.11.1.jar)

I heard from Nancy and Shane recently that you upgraded the Wonderware in Magnolia to fix the Button sticking issues. Can you please take a look at this sometime and see if it is possible to upgrade the Log4j for Wonderware if it is needed. We certainly do not want to interrupt operations.
- Author: Kevin Modlin
- Published: October 17th, 2025
Details:
- Product: Historian
- Version: 2017
- Solution: [Solution is visible below when you're logged in and have a current subscription]
- Date Created: 02/03/2022
- Case: 80890