Last Updated: February 9, 2022
Overview
Vulnerability that are called "Log4Shell" in Apache Log4j has been reported. Regarding potential impact to Yokogawa products, please check below.
・CENTUM VP : Not Affected *
・ProSafe-RS/ProSafe-RS Lite: Not affected
・Exaopc: Not affected
・Exaquantum: Not affected
・Exaplog: Not affected
・STARDOM: Not affected
・FAST/TOOLS: Not affected
・CI Server: Not affected
・PRM: Not affected
・VTSPortal: Not affected
・SMARTDAC+ GX/GP/GM/GA: Not affected
・DAQSTATION DX: Not affected
・DAQMASTER MX/MW: Not affected
・FA-M3: Not affected
・e-RT3: Not affected
* Exclude Unified Gateway Station (UGS2) Standard Function R6.03.10 - R6.06.00. Please refer to YSAR-22-0003 for details.
If new Yokogawa products are found to be affected by the vulnerability, Yokogawa will provide detail information in Yokogawa Security Advisory Report (YSAR) as soon as countermeasures become available.
Yokogawa Security Advisory Report
http://lhbnz.szjesia.com/library/resources/white-papers/yokogawa-security-advisory-report-list/
The Yokogawa Group Vulnerability Handling Policy
http://lhbnz.szjesia.com/eu/solutions/products-platforms/announcements/vulpolicy/
Yokogawa strongly recommends all customers to establish and maintain a full security program, not only for the vulnerability. Security program components are: Patch updates, Anti-virus, Backup and recovery, zoning, hardening, whitelisting, firewall, etc. Yokogawa can assist in setting up and running the security program continuously. For considering the most effective risk mitigation plan, as a starting point, Yokogawa can perform a security risk assessment.
Reference Site
Vulnerability Note VU#930724
https://kb.cert.org/vuls/id/930724
CVE-2021-45046
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046
Looking for more information on our people, technology and solutions?
Contact Us