To reduce the false positives generated by your vulnerability scanner, you can modify the log4j files in the installation folder of Industrial HiVision (08.1.04 and 08.2.00) as follows, with known consequences for the functionality of the software:
Remove:
- HiVision Kernel: <installation path>/lib/log4j-1.2.16.jar
- Known Consequence: The logging to the system event’s audit trail will not work anymore
In the error log of Industrial HiVision Kernel you will see: SEVERE: Audit Trail logger cannot be instantiated or logging to the System log does not succeed
- OPC UA: <installation path>/lib/opcua/lib/log4j-1.2.17.jar
- Known Consequence: OPC UA Server will not start.
Rename:
- HiVision Kernel: <installation path>/lib/log4j-1.2.16.jar
Known Consequence: None
- OPC UA: <installation path>/lib/opcua/lib/log4j-1.2.17.jar
Known Consequence: None