SIMetrix/SIMPLIS Does Not Contain Log4J

While there are a number of flavors and private-label versions of SIMetrix/SIMPLIS, none of them contain the Log4J vulnerability so recently thrust into the security world's spotlight.

To be exploitable, the vulnerability requires:
  1. a product written all or in part in the Java language (or at least one that runs on the Java Virtual Machine)
  2. the presence of the Log4J compiled library in the product
  3. code in that product that uses or calls for the Log4J classes/methods

All full SIMetrix/SIMPLIS versions prior to v8.40, as well as all private-labeled versions of our SIMetrix/SIMPLIS AE product (regardless of version), lack any Java components, and therefore match none of the above vulnerability pre-requisites.

The following products do not ship with the Java interpreter or the Log4J vulnerability:
  • SIMetrix/SIMPLIS Classic, Pro and Elite v8.30 and below
  • SIMetrix/SIMPLIS Elements (all versions)
  • Microchip's MPLAB Mindi (all versions)
  • Maxim's EE-SIM OASIS (all versions)
  • MPS' MPSmart (all versions)
  • Renesas' iSim:PE (all versions)

Full SIMetrix/SIMPLIS releases v8.40 and above do contain some components written in Java (to support the Magnetics Design Module), however they do not ship with the Log4J library or call any of its methods.

The following products do ship with a Java interpreter, but do not contain the Log4J vulnerability:

  • SIMetrix/SIMPLIS Classic, Pro and Elite v8.40 and above

Please direct any requests for additional information to support@simplis.com.

 

Link
/news/2021/12/22/simetrix-simplis-does-not-contain-log4j