To reduce the false positives generated by your vulnerability scanner, you can modify the log4j files in the installation folder of Industrial HiVision (08.1.04 and 08.2.00) as follows, with known consequences for the functionality of the software:

Remove:

1. HiVision Kernel: <installation path>/lib/log4j-1.2.16.jar
   1. Known Consequence: The logging to the system event’s audit trail will not work anymore

In the error log of Industrial HiVision Kernel you will see:  SEVERE: Audit Trail logger cannot be instantiated or logging to the System log does not succeed

1. OPC UA: <installation path>/lib/opcua/lib/log4j-1.2.17.jar
   1. Known Consequence:  OPC UA Server will not start.

Rename:

1. HiVision Kernel: <installation path>/lib/log4j-1.2.16.jar

Known Consequence: None

1. OPC UA: <installation path>/lib/opcua/lib/log4j-1.2.17.jar
    Known Consequence: None