Note on Java Vulnerability Log4Shell

WEBfactory products confirmed unaffected by Log4Shell vulnerabilities

Published on Dec 14, 2021

Overview

On December 9th 2021, a 0-day exploit in the Java logging library log4j (version 2) published as CVE-2021-44228, (critical CVSSv3 10) was divulgated.
We are currently investigating the potential impact of these vulnerabilities for our WEBfactory branded products, currently no investigated product has used the vulnerable component.

Impact

An affected product may be vulnerable to remote Code Execution (RCE) by logging a certain string. All WEBfactory products confirmed unaffected by Log4Shell vulnerabilities.

All versions of the following products are not vulnerable:

  • WEBfactory 2006
  • WEBfactory 2010
  • i4SCADA
  • i4BACnet
  • i4connected
  • i4HMI
  • i4designer

Further information on the overall situation is available from the Federal Office for Information Security.

WordPress Cookie Plugin by Real Cookie Banner