Log4j is a Java component affected by a security vulnerability (CVE-2021-44228), known since Friday 10th December 2021. The component is NOT USED in SIMATIC WinCC OA versions V3.11 - V3.18, nor in SIMATIC WinCC OA IOT Suite. The mentioned products are therefore currently considered as not affected by this vulnerability.
The component may however be used together with WinCC OA in an Industrial Automation and Control System. Please evaluate your system and contact your integrator/distributor for additional information how to protect your assets.