On December 9, 2021, a very serious vulnerability in the popular Java-based logging package “Log4j” was announced and on December 11, 2021, the BSI officially warned of this vulnerability: BSI – Press – Warning level red: Log4Shell vulnerability leads to extremely critical threat situation (www.bsi.bund.de).
This vulnerability allows an attacker to execute code on a remote server (Remote Code Execution, RCE) and makes Log4J susceptible to a denial-of-service attack, for example. The vulnerability is currently being exploited worldwide with various forms of attack. For further information, see https://cve.mitre.org under CVE-2021-44228, CVE-2021-45105, CVE-2021-45046 and CVE-2021-44832.
The control software of all MMM series is not affected by the security vulnerability.
Updates for MMM software available
If you use one of the MMM software products RUMED360® Cycles (“SimServ”), RUMED360® Cycles View (“Batch Viewer”), RUMED360® Sicon (“SiCon”) or RUMED360® ISA Server (“ISA”), please contact your regional MMM service manager or write to us at email@example.com.
An update for the above mentioned MMM software products with the official patches of the Java library Log4J is available.
Further information can be found in the MMM Cybersecurity Communication:
On December 9, 2021, a very serious vulnerability in the popular Java-based logging package “Log4j” was announced and on ...