Is there any impact for Barco Products on the Log4Shell vulnerability? (CVE-2021-44228)

[KB12495]

This article applies to the following products:

Vulnerability details:

On December 9, 2021, a vulnerability was detected in Log4j, an open-source Java logging library maintained by the Apache Software Foundation. Log4j is used by a very large percentage of the Java programs developed in recent years, in both client and server applications. This vulnerability has been assigned CVE-2021-44228 and received the name "Log4Shell".

CVE-2021-44228 enables attackers to perform unauthenticated remote code execution. Because of the high severity of the vulnerability, which affects the core of Log4j, its wide usage across business applications, and the public availability of an exploit, Barco’s security team started an assessment of the Barco product range.

Impact on Barco products:

Barco is currently analyzing the impact on Barco products. As the investigation continues, assessment results will be updated. In the table below, "Not applicable" means that Log4j is not used.

Product                                           Status
QAweb Enterprise                                  Not applicable
MediCal QAWeb                                     Not affected*
MXRT Display Driver & Intuitive Workflow Tools    Not applicable
NexxisCare                                        Not applicable
NexxisLive                                        Not applicable
Nexxis WorkSpot                                   Not applicable
NexxisOR                                          Not affected*
Demetra                                           Not affected
ClickShare (Base Units, Buttons, and Apps)        Not applicable
XMS Cloud                                         Not applicable
XMS Edge                                          Not applicable
CMGS                                              Not applicable
TransForm N (TFN)                                 Not affected*
OpSpace                                           Affected. Limited to Audit Logging feature. Hotfix available. For more details, see [KB12493]
UniSee Present                                    Not applicable
SecureStream                                      Not applicable
Video Wall Management suite (cloud)               Not applicable
Video Wall Manager (onprem)                       Not applicable
Green Barco Wall Control Manager (gBCM)           Not affected*
WeConnect                                         Not applicable
WePresent                                         Not applicable
Overture                                          Not applicable
Projector Management Suite                        Not applicable
Projector Toolset                                 Not applicable
Webanalyser                                       Not applicable
Projector embedded software                       Not applicable
Infinipix                                         Not applicable
ECU-200 with DCS (Display Control suite)          Not applicable

Please note that the above article contains preliminary information and will be updated regularly.

Barco products are designed with security, privacy, and confidentiality in mind. And with every software release, new features and fixes are added to the product range. Additionally, Barco has an information security management system (ISMS) which complies with the ISO 27001 standard, covering policies, management involvement, business processes, technology, compliance with local laws, security awareness, and security best practices. The products and locations in scope are specifically mentioned on our certificate, which can be found on https://www.barco.com/en/about-barco/legal/certificates 

* This recent vulnerability disclosure drew widespread and renewed security attention to this framework, which in turn led to the discovery of new vulnerabilities, both in Log4j version 1 and version 2.

Although a large percentage of our product portfolio is not using Log4j, Barco is currently performing a broader investigation beyond the scope of the “Log4Shell” vulnerability to determine the impact on our products.

An overview of the current assessment results can be found in [KB12503].

Properties

Last updated Jan 05 2022