Is there any impact for Barco Products on the Log4Shell vulnerability? (CVE-2021-44228)

Article number: [5656] - Legacy code: [12495]

Applicable to

Vulnerability details:

On December 9, 2021, a vulnerability was detected in Log4j, an open-source Java logging library maintained by the Apache Software Foundation. Log4j is used by a very large percentage of the Java programs developed in the last years for both client and server applications. This vulnerability has been assigned CVE-2021-44228 and received the name "Log4Shell". 

CVE-2021-44228 enables attackers to perform unauthenticated remote code execution. Due to its high severity that affects the core of Log4j, its wide usage across business applications, and the public availability of an exploit, Barco’s security team started an assessment on the Barco product range.

Impact on Barco products:

Barco is currently analyzing the impact on Barco products. As the investigation continues, assessment results will be updated. In the table below, not applicable means that Log4j is not used.

ProductStatus
QAweb EnterpriseNot applicable
MediCal QAWebNot affected*
MXRT Display Driver & Intuitive Workflow ToolsNot applicable
NexxisCareNot applicable
NexxisLiveNot applicable
Nexxis WorkSpot Not applicable
NexxisORNot affected*
DemetraNot affected
ClickShare (Base Units, Buttons, and Apps) Not applicable
XMS CloudNot applicable
XMS EdgeNot applicable
CMGSNot applicable
TransForm N (TFN)Not affected*
OpSpaceAffected
Limited to Audit Logging feature.
Hotfix available.
For more details, see KB 5655
UniSee PresentNot applicable
SecureStreamNot applicable
Video Wall Management suite (cloud)? Not applicable
Video Wall Manager (onprem) Not applicable
Green Barco Wall Control Manager (gBCM)  Not affected*
WeConnectNot applicable
WePresentNot applicable
OvertureNot applicable
Projector Management Suite Not applicable
Projector ToolsetNot applicable
WebanalyserNot applicable
Projector embedded softwareNot applicable
Infinipix Not applicable
ECU-200 with DCS (Display Control suite)Not applicable
 
Info! Please note that the above article contains preliminary information and will be updated regularly.

Barco products are designed with security, privacy, and confidentiality in mind. And with every software release, new features and fixes are added to the product range. Additionally, Barco has an information security management system (ISMS) which complies with the ISO 27001 standard, covering policies, management involvement, business processes, technology, compliance with local laws, security awareness, and security best practices. The products and locations in scope are specifically mentioned on our certificate, which can be found on Certificates - Barco.

 
*

This recent vulnerability disclosure caused widespread and renewed security attention for this framework, which itself led to the discovery of new vulnerabilities, both in Log4j version 1 and version 2.

Although a large percentage of our product portfolio is not using Log4j, Barco is currently performing a broader investigation beyond the scope of the “Log4Shell” vulnerability to determine the impact on our products.

An overview of the current assessment results can be found in KB 1907.

Properties

Last updated Aug 25, 2023