Is there any impact for Barco Products on other Log4j vulnerabilities?

[KB12503]

This article applies to the following products:

Vulnerability details:

Due to the recent discoveries of vulnerabilities in this framework, Barco did a detailed analysis of the impact of the vulnerability known as “Log4Shell” (CVE-2021-44228) on our product portfolio (result can be found here: [KB12495]).

However, this recent vulnerability disclosure caused widespread and renewed security attention for this framework, which itself led to the discovery of new vulnerabilities, both in Log4j version 1 and version 2.

Although a large percentage of our product portfolio is not using this framework, Barco is currently performing a broader investigation beyond the scope of the “Log4Shell” vulnerability to determine the impact on our products.

An overview of the current assessment results can be found below. As the investigation continues, these results will be updated. 

Impact on Barco products:

Barco is currently analyzing the impact on Barco products. As the investigation continues, assessment results will be updated. 

Product Status
MediCal QAWeb Investigated
For more details, see [KB12508]
NexxisOR Investigated
For more details, see [KB12510]
TransForm N (TFN) Investigated
For more details, see [KB12494]
OpSpace Investigated
For more details, see [KB12493]
Green Barco Wall Control Manager (gBCM)   Investigated
For more details, see [KB12507]

Please be aware that some security scanning tools only verify the version of a component to indicate if it is vulnerable or not. Based on our internal investigation of how the component is used and configured, we indicate if the vulnerability is exploitable or not. (cf. impact statement per CVE identifier in the KB).

Please note that the above article contains preliminary information and will be updated regularly.

During the ongoing investigation, Barco advises to isolate as much as possible the system/devices in your network and limit access to the network where possible.

The results above specifically exclude the impact of the “Log4Shell” (CVE-2021- 44228) vulnerability on our products. For that impact, see [KB12495].

Properties

[KB12503]

Last updated Mar 10 2022

Was this information helpful?