Update 1 – Highly Critical Zero-Day Vulnerability in the Java Library Log4j (CVE-2021-44228)
13th December 2021
All products of VIVAVIS and its subsidiaries have been scanned for the highly critical zero-day vulnerability in the Java library Log4j (CVE-2021-44228). Only the following products are affected by the vulnerability:
HIGH-LEIT AppServer (VIVAVIS AG)
The vulnerability can be closed by a parameter change. The affected customers and partners will be contacted directly by VIVAVIS AG shortly to make the change.
360°-AM / ACOS NMS (Asset Management System, Caigos GmbH)
Product versions from V3.22 are affected. The vulnerability can be closed by a parameter change. The affected customers and partners will be contacted directly by Caigos GmbH shortly to make the change.
EFFICIO (Energy controlling system, Berg GmbH)
A required patch is in preparation. All affected customers will be contacted by Berg GmbH shortly to apply the patch for the energy controlling system.
As long as the vulnerabilities in the above-mentioned systems are not closed, they should remain disconnected from the network.
All other products of VIVAVIS AG either do not use Log4j or use a version and program configuration that is not affected by the vulnerability!
The hosted customer systems that were disconnected from the network as a precautionary measure by VIVAVIS are online again.
The analysis of the third-party products is still ongoing. We will inform you about the results shortly. If you have further questions or need technical support, please contact our Customer Center.