EIBPORT not affected by Log4J security vulnerability

2 years ago

ALL-CLEAR FOR THE EIBPORT

We give the all-clear for our EIBPORT regarding the vulnerability named Log4Shell (CVE-2021-44228) in the logging library Log4J. The EIBPORT is explicitly not affected by the vulnerability.

In the following devices we use an affected version of the log4j library:

APPMODULE (from version 1.6.2)
CUBEVISIONMODULE (version 1.5.0)
LOGIKMODULE (version 1.0.1)

Despite the fact that, to the best of our knowledge, it is not possible to exploit the security vulnerability without login data, we recommend updating the firmware of these units.

The following firmware versions close the Log4Shell security vulnerability:

APPMODULE – Version 1.7.1
CUBEVISIONMODULE – Version 1.5.1
LOGIKMODULE – Version 1.0.2

Get information on the security vulnerability on Apache

APPMODULE – Firmware update 1.7.5

22/09/2023

ISE Barcelona – Discover the APP MODULE

11/05/2022