Note on Java Vulnerability Log4Shell

WEBfactory products confirmed unaffected by Log4Shell vulnerabilities

Published on Dec 14, 2021


On December 9th 2021, a 0-day exploit in the Java logging library log4j (version 2) published as CVE-2021-44228, (critical CVSSv3 10) was divulgated.
We are currently investigating the potential impact of these vulnerabilities for our WEBfactory branded products, currently no investigated product has used the vulnerable component.


An affected product may be vulnerable to remote Code Execution (RCE) by logging a certain string. All WEBfactory products confirmed unaffected by Log4Shell vulnerabilities.

All versions of the following products are not vulnerable:

  • WEBfactory 2006
  • WEBfactory 2010
  • i4SCADA
  • i4BACnet
  • i4connected
  • i4HMI
  • i4designer

Further information on the overall situation is available from the Federal Office for Information Security.