Dec 17, 2021

Pilz hardware not affected by "Log4Shell" vulnerability in software library Log4j Vulnerability is highly unlikely to be exploited in Pilz Software products

Dear Madam or Sir,

On December 10th, 2021, the BSI (the German Federal Office for Information Security) published a cyber security alert on the so-called "Log4Shell" vulnerability in the software library Log4j. Log4j is used in many Java applications.

From the BSI alert:

"An IT security vendor blog [LUN2021] reports on vulnerability CVE-2021-44228 [MIT2021] in log4j versions 2.0 through 2.14.1, which may allow attackers to execute their own program code on the target system and thus compromise the server."

https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2021/2021-549177-1032.pdf

Further information is available at:

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Webanwendungen/log4j/log4j_node.html

https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance (in English)

Pilz's analysis revealed the following:

  • Pilz hardware components do not use Java and thus no log4j. Therefore, these components are not affected.
  • Pilz Software products partially use log4j versions 2.0 to 2.14.1 (current vulnerability CVE-2021-44228). Analyses to date have shown that it is highly unlikely that the vulnerability can be exploitedIf, contrary to expectations, there is a risk, we will publish a security advisory.

  • In some Pilz Software products, log4j version 1.2.x is used. The exploitation of the vulnerability in this version (CVE 2021-4104) requires, among other things, a specific configuration. However, this configuration is not used in Pilz Software products.

We hope this information is helpful to you. If you have any further questions, please contact our technical support: support@pilz.com.

With best regards

Pilz GmbH & Co. KG

Headoffice

Pilz GmbH & Co. KG
Felix-Wankel-Straße 2
73760 Ostfildern
Germany

Telephone: +49 711 3409-0
E-Mail: pilz.gmbh@pilz.de

Americas

  • Brazil: + 55 11 4942-7032
  • Canada: +1 888-315-PILZ (315-7459)
  • Mexico: +52 55 5572 1300
  • United States (toll-free): +1 877-PILZUSA (745-9872)

Europe

  • Denmark: +45 74436332
  • Austria: +43 1 7986263-444
  • Belgium: +32 9 321 75 70
  • United Kingdom: +44 1536 462203
  • Sweden: +46 300 13990 / +45 74436332
  • Netherlands: +31 347 320477
  • Russia: +7 495 6654993
  • Turkey: +90 216 5775552
  • Finland: +358 10 3224030 / +45 74436332
  • Germany: +49 711 3409 444
  • Spain: +34 938497433
  • Italy: +39 0362 1826711
  • France (toll-free): +33 3 88104000
  • Portugal: +351 229 407 594
  • Switzerland: +41 62 889 79 32
  • Ireland: +353 21 4804983

Asia Pacific

  • Japan: +81 45 471 2281
  • Australia (toll-free): +61 3 9560 0621 / 1300 723 334
  • South Korea: +82 31 778 3390
  • China: +86 400-088-3566
  • Singapore: +65 6829 2920
  • New Zealand: +64 9 6345350
  • Thailand: +66 210 54613
  • Taiwan: +886 2 25700068
Was this article helpful?