Is there any impact for Barco Products on other Log4j vulnerabilities?

Article number: [1907] - Legacy code: [12503]

Applicable to

Vulnerability details:

Due to the recent discoveries of vulnerabilities in this framework, Barco did a detailed analysis of the impact of the vulnerability known as “Log4Shell” (CVE-2021-44228) on our product portfolio (result can be found here: [KB12495]).

However, this recent vulnerability disclosure caused widespread and renewed security attention for this framework, which itself led to the discovery of new vulnerabilities, both in Log4j version 1 and version 2.

Although a large percentage of our product portfolio is not using this framework, Barco is currently performing a broader investigation beyond the scope of the “Log4Shell” vulnerability to determine the impact on our products.

An overview of the current assessment results can be found below. As the investigation continues, these results will be updated. 

Impact on Barco products:

Barco is currently analyzing the impact on Barco products. As the investigation continues, assessment results will be updated. 

| Product | Status |
| --- | --- |
| MediCal QAWeb | Investigated. For more details, see [KB12508] |
| NexxisOR | Investigated. For more details, see [KB12510] |
| TransForm N (TFN) | Investigated. For more details, see [KB12494] |
| OpSpace | Investigated. For more details, see [KB12493] |
| Green Barco Wall Control Manager (gBCM) | Investigated. For more details, see [KB12507] |

Please be aware that some security scanning tools only verify the version of a component to indicate whether it is vulnerable. Based on our internal investigation of how the component is used and configured, we indicate whether the vulnerability is exploitable (cf. the impact statement per CVE identifier in the KB).

Please note that the above article contains preliminary information and will be updated regularly.

During the ongoing investigation, Barco advises isolating the systems/devices in your network as much as possible and limiting access to the network where possible.

The results above specifically exclude the impact of the “Log4Shell” (CVE-2021-44228) vulnerability on our products. For that impact, see [KB12495].

Properties

Last updated Jun 14, 2022