On December 9, 2021, a vulnerability was detected in Log4j, an open-source Java logging library maintained by the Apache Software Foundation. Log4j is used by a very large percentage of the Java programs developed in the last years for both client and server applications. This vulnerability has been assigned CVE-2021-44228 and received the name "Log4Shell".
CVE-2021-44228 enables attackers to perform unauthenticated remote code execution. Due to its high severity that affects the core of Log4j, its wide usage across business applications, and the public availability of an exploit, Barco’s security team started an assessment on the Barco product range.
Impact on Barco products:
Barco is currently analyzing the impact on Barco products. As the investigation continues, assessment results will be updated. In the table below, not applicable means that Log4j is not used.
|QAweb Enterprise||Not applicable|
|MediCal QAWeb||Not affected*|
|MXRT Display Driver & Intuitive Workflow Tools||Not applicable|
|Nexxis WorkSpot||Not applicable|
|ClickShare (Base Units, Buttons, and Apps)||Not applicable|
|XMS Cloud||Not applicable|
|XMS Edge||Not applicable|
|TransForm N (TFN)||Not affected*|
Limited to Audit Logging feature.
For more details, see [KB12493]
|UniSee Present||Not applicable|
|Video Wall Management suite (cloud)?||Not applicable|
|Video Wall Manager (onprem)||Not applicable|
|Green Barco Wall Control Manager (gBCM)||Not affected*|
|Projector Management Suite||Not applicable|
|Projector Toolset||Not applicable|
|Projector embedded software||Not applicable|
|ECU-200 with DCS (Display Control suite)||Not applicable|
Please note that the above article contains preliminary information and will be updated regularly.
Barco products are designed with security, privacy, and confidentiality in mind. And with every software release, new features and fixes are added to the product range. Additionally, Barco has an information security management system (ISMS) which complies with the ISO 27001 standard, covering policies, management involvement, business processes, technology, compliance with local laws, security awareness, and security best practices. The products and locations in scope are specifically mentioned on our certificate, which can be found on https://www.barco.com/en/about-barco/legal/certificates
This recent vulnerability disclosure caused widespread and renewed security attention for this framework, which itself led to the discovery of new vulnerabilities, both in Log4j version 1 and version 2.
Although a large percentage of our product portfolio is not using Log4j, Barco is currently performing a broader investigation beyond the scope of the “Log4Shell” vulnerability to determine the impact on our products.
An overview of the current assessment results can be found in [KB12503].
Última atualização em Jul 07 2022