Error
The issue can be observed on systems deploying DDMS (Digital Conventional, IP Site Connect, Capacity Plus and MultiSite Capacity Plus systems) when performing a system scan for vulnerabilities. Antivirus software can also flag this threat as “Security Vulnerability CVE-2018-1285 for log4net”.
DDMS software uses an internally customized branch of the affected version 1.2.10 of the log4net libraries.
Root Cause
CVE-2018-1285 is exploited through the XML parser when log4net parses an XML configuration file, which requires the use of the XmlConfigurator class. The DDMS application does not use this method to configure log4net; it uses the BasicConfigurator class instead. Given this information, it has been determined that it is unlikely that attackers would be able to exploit this vulnerability through the DDMS application.
The issue has been root-caused and will be addressed in the upcoming DDMS release M2022.01.
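When triaging this scanner finding, the configurator distinction above can be checked on an installed application directory. The following is an added example, not Motorola Solutions' or the log4net project's code: it searches assemblies for the UTF-8 type names that .NET metadata stores for referenced classes. The function names, report keys and result labels are assumptions of this example, and a match is a heuristic, since a reference made through reflection would not appear.

```python
import os
import sys

# .NET metadata stores referenced type names as UTF-8 strings, so an assembly
# that calls a configurator class carries that class name in its bytes.
XML_MARKER = b"XmlConfigurator"    # also matches XmlConfiguratorAttribute
BASIC_MARKER = b"BasicConfigurator"
SECTION = "<log4net"               # log4net element in an XML config file


def triage_log4net(app_dir):
    """Report which log4net configuration paths the files under app_dir reference."""
    report = {"xml_configurator": [], "basic_configurator": [], "xml_config_files": []}
    for root, _dirs, files in os.walk(app_dir):
        for name in sorted(files):
            lower = name.lower()
            if lower == "log4net.dll":
                continue  # the library itself defines both classes
            path = os.path.join(root, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if lower.endswith((".exe", ".dll")):
                if XML_MARKER in data:
                    report["xml_configurator"].append(path)
                if BASIC_MARKER in data:
                    report["basic_configurator"].append(path)
            elif lower.endswith((".config", ".xml")):
                # Config files may be saved as UTF-8 or UTF-16.
                if SECTION.encode() in data or SECTION.encode("utf-16-le") in data:
                    report["xml_config_files"].append(path)
    return report


def exposure(report):
    """The XML parsing path is reachable only if XmlConfigurator is referenced."""
    if report["xml_configurator"]:
        return "review"        # check who can write the configuration file
    if report["basic_configurator"]:
        return "basic-only"    # matches the situation the advisory describes
    return "no-reference"


if __name__ == "__main__":
    result = triage_log4net(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(exposure(result), result)
```

If the log4net library ships under a file name other than `log4net.dll`, it will appear in both lists and should be excluded by hand before reading the result.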
Workaround/Fix
The likelihood of exploitation is reduced by having appropriate security and authentication measures in place when connecting Motorola Solutions’ products to the internet. Additionally, as a general practice, we strongly recommend that our customers regularly take the following steps:
1. When possible, do not allow internet exposure for mission-critical devices and/or systems and, when internet exposure is required, always apply strong authentication controls, including two-factor authentication and a VPN (Virtual Private Network) connection.
2. Ensure connections to the internet are always done in a secure manner with strong authentication controls.
3. Contact your security device vendors (i.e., web application firewall vendors) to confirm that all detection or preventative capabilities have been applied.
4. Apply all updates provided by Motorola Solutions and other vendors, as soon as possible.
5. Review user and administrative accounts to ensure no unauthorized accounts are present.
Upgrade DDMS Software to version M2022.01 when it becomes available.