TotalCAE Platform Software is NOT vulnerable to the Log4Shell/Log4j exploit (CVE-2021-44228).

The vulnerability, which can allow an attacker to execute arbitrary code by sending crafted log messages, has been identified as CVE-2021-44228 and given the name Log4Shell

We are tracking other popular CAE tool vendor responses below that have public status updates:

Ansys: See https://learningcommunity.ansys.com/index.php/ansys-customer-update

SIEMENS: See https://cert-portal.siemens.com/productcert/txt/ssa-661247.txt

3DS: See https://www.3ds.com/support/news/single/apache-log4j-vulnerability-cve-2021-44228/ and https://kb.dsxclient.3ds.com/mashup-ui/page/resultqa?id=QA00000102301e (login required)

ThermoAnalytics: TAITherm, TAIThermIR, MuSES, and CoTherm. Emailed statement not impacted.

Altair: https://web.altair.com/security-bulletin (login required)

COMSOL: https://www.comsol.com/support/knowledgebase/1292

SIDACT (FEMZIP) : https://www.sidact.de/news0/16092021-1-1

Intel: https://www.intel.com/content/www/us/en/developer/articles/release-notes/intel-oneapi-hpc-toolkit-release-notes.html