ALL-CLEAR FOR THE EIBPORT
We give the all-clear for our EIBPORT regarding the vulnerability named Log4Shell (CVE-2021-44228) in the logging library Log4J. The EIBPORT is explicitly not affected by the vulnerability.
In the following devices we use an affected version of the log4j library:
- APPMODULE (from version 1.6.2)
- CUBEVISIONMODULE (version 1.5.0)
- LOGIKMODULE (version 1.0.1)
Despite the fact that, to the best of our knowledge, it is not possible to exploit the security vulnerability without login data, we recommend updating the firmware of these units.
The following firmware versions close the Log4Shell security vulnerability: