Log4Shell

Last Updated: February 9, 2022

Overview

Vulnerability that are called "Log4Shell" in Apache Log4j has been reported. Regarding potential impact to Yokogawa products, please check below.

 

・CENTUM VP : Not Affected *

・ProSafe-RS/ProSafe-RS Lite: Not affected

・Exaopc: Not affected

・Exaquantum: Not affected

・Exaplog: Not affected

・STARDOM: Not affected

・FAST/TOOLS: Not affected

・CI Server: Not affected

・PRM: Not affected

・VTSPortal: Not affected

・SMARTDAC+ GX/GP/GM/GA: Not affected

・DAQSTATION DX: Not affected

・DAQMASTER MX/MW: Not affected

・FA-M3: Not affected

・e-RT3: Not affected

* Exclude Unified Gateway Station (UGS2) Standard Function R6.03.10 - R6.06.00. Please refer to YSAR-22-0003 for details.

 

If new Yokogawa products are found to be affected by the vulnerability, Yokogawa will provide detail information in Yokogawa Security Advisory Report (YSAR) as soon as countermeasures become available.

 

Yokogawa Security Advisory Report
https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/ 

The Yokogawa Group Vulnerability Handling Policy
https://www.yokogawa.com/eu/solutions/products-platforms/announcements/vulpolicy/ 

Yokogawa strongly recommends all customers to establish and maintain a full security program, not only for the vulnerability. Security program components are: Patch updates, Anti-virus, Backup and recovery, zoning, hardening, whitelisting, firewall, etc. Yokogawa can assist in setting up and running the security program continuously. For considering the most effective risk mitigation plan, as a starting point, Yokogawa can perform a security risk assessment.

 

Reference Site

Vulnerability Note VU#930724
https://kb.cert.org/vuls/id/930724
CVE-2021-45046
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046

Op zoek naar meer informatie over onze mensen, technologie en oplossingen?

Contact

Top