A security vulnerability in Apache Log4j was announced on GitHub on December 9th with the highest severity score of 10. Since it’s a widely used tool to log information within Java applications, it’s expected that the vulnerability will be extensively exploited.
IXON, as a key partner in cybersecurity for machines and manufacturing plants worldwide, consequently performed a thorough vulnerability assessment of its systems. The detailed analysis by IXON’s security team found that the IXON products and platform are not vulnerable.
IXON Security Officer Dylan Eikelenboom made the following statement: “Last week various publications disclosed a new vulnerability, called Log4Shell, which affects the Apache Log4j-tool. This vulnerability can be exploited to inject ransomware into the systems and software affected. The IXON Cloud, IXrouter and any other systems we employ do not use this software and are therefore not vulnerable.”
Tips to keep all your systems and applications secure
The Log4j vulnerability occurs if:
- The server is directly accessible via the internet
- The server is running a Java application accessible via the internet
- The Log4j V2 module is enabled
What can you do to mitigate the issue? Get in touch with the supplier or admin of any servers/applications used in your organisation to inform them about the vulnerability. If you do run the risk of exploitation, update to Apache Log4j 2 version 2.15.0 as soon as possible.
Additional sources of information regarding the vulnerability:
- Apache Log4j Security Vulnerabilities
- International GitHub list of vulnerable applications
- Dutch National Cyber Security Centre on which steps to take
- UK National Cyber Security Centre on Log4j
- US National Institute of Standards and Technology
To read more about how IXON keeps its products and systems secure, download our security whitepaper.