Critical vulnerability of the Java library Log4j

As you have probably already learned, there is currently a very critical security vulnerability concerning the Java library "Log4j". According to the assessment of the German Federal Office for Information Security (BSI), this leads to an extremely critical threat situation (see https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2021/211211_log4Shell_WarnstufeRot.html).

As a rule, B-CON systems operate in physically or virtually separated IP networks, which reduces the possibilities for attack and thus the risk of attack.

So is B-CON and its used components affected by the security vulnerability? - We have checked B-CON for the use of the log4j library!

Our analysis has shown that the critical log4j-core library is not used in the B-CON core application as well as in the native drivers. All other Java-based components and services in B-CON do not use log4j to the best of our current knowledge. The risk that the possible use of the critical library log4j in the third-party software we use could lead to security vulnerabilities is estimated to be low according to our current knowledge.

Should this assessment change, we will inform you in the short term.

Would you like to learn more about this? One of our experts will be happy to get in touch with you: