In December 2021, Apache disclosed CVE-2021-44228, a remote code execution vulnerability that was assigned a risk severity of 10, the highest possible risk score.
The source of this vulnerability is Log4j, an open-source logging library that is part of Apache Logging Services. Log4j is commonly used by a wide variety of applications, including frameworks behind many popular web sites and services, and it is also commonly used in custom enterprise systems.
Graph-Tech’s system controllers do not use any Log4j libraries or Java, and all of the applications used on our systems have been verified to be safe. We still recommend that the system be updated with the latest Microsoft system updates. To install the Microsoft updates, connect the system to the internet (on the “Factory” port) and run the Windows Update service so the updates can be downloaded and installed.
Here’s a screen capture showing a fully patched GT Controller:
After completing the system updates, a full scan of the system was completed with a result of no current threats found.
An audit of applications on our system showed that no vulnerable applications are used on our system.
If you have installed any applications, then you should do your own audit of the programs that have been installed.
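One way to start such an audit, as an added example that is not Graph-Tech's own tooling: the PowerShell script below lists Java archives on fixed drives that contain the Log4j 2 `JndiLookup` class or a nested `log4j-core` JAR. It assumes an elevated PowerShell 5.1 or later prompt; the function name `Test-Log4jArchive` is hypothetical.

```powershell
# Added example: inventory Java archives that bundle Log4j 2 core classes.
# Assumption: run from an elevated PowerShell 5.1+ prompt; uses only built-in .NET classes.
Add-Type -AssemblyName System.IO.Compression.FileSystem

# Class that implements the JNDI lookup in log4j-core.
$jndiEntry  = 'org/apache/logging/log4j/core/lookup/JndiLookup.class'
$extensions = '*.jar', '*.war', '*.ear'

function Test-Log4jArchive {
    # Hypothetical helper: returns a short finding string, or $null if nothing matched.
    param([Parameter(Mandatory)][string]$Path)
    $zip = $null
    try {
        $zip = [System.IO.Compression.ZipFile]::OpenRead($Path)
        foreach ($entry in $zip.Entries) {
            if ($entry.FullName -eq $jndiEntry) { return 'JndiLookup.class present' }
            # Application bundles (fat JARs, WARs) often carry log4j-core as a nested JAR.
            if ($entry.Name -like 'log4j-core-*.jar') { return "nested $($entry.Name)" }
        }
    } catch {
        # Locked or corrupt archives are reported so they can be checked by hand.
        return "unreadable: $($_.Exception.Message)"
    } finally {
        if ($zip) { $zip.Dispose() }
    }
    return $null
}

# Scan local fixed disks only; removable and network drives are skipped.
$roots = [System.IO.DriveInfo]::GetDrives() |
    Where-Object { $_.DriveType -eq 'Fixed' -and $_.IsReady } |
    ForEach-Object { $_.RootDirectory.FullName }

$findings = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Include $extensions -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $result = Test-Log4jArchive -Path $_.FullName
            if ($result) { [pscustomobject]@{ Path = $_.FullName; Finding = $result } }
        }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    Write-Output 'No archives containing Log4j 2 core classes were found on fixed drives.'
}
```

A hit only shows that an application bundles Log4j 2; confirm the bundled version with that application's vendor.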
Additionally, we recommend that the system not be connected to an internet-connected network and that no software be installed on the system, as this could affect the performance and reliability of our real-time operating system and adversely affect the overall reliability of the system.
If you have any questions or concerns, please feel free to contact our support department at +1-772-569-0066 x307 or send an e-mail to firstname.lastname@example.org
Graph-Tech will continue to monitor this vulnerability and we will provide updates as necessary.