Last Updated: February 9, 2022
Vulnerability that are called "Log4Shell" in Apache Log4j has been reported. Regarding potential impact to Yokogawa products, please check below.
・CENTUM VP : Not Affected *
・ProSafe-RS/ProSafe-RS Lite: Not affected
・Exaopc: Not affected
・Exaquantum: Not affected
・Exaplog: Not affected
・STARDOM: Not affected
・FAST/TOOLS: Not affected
・CI Server: Not affected
・PRM: Not affected
・VTSPortal: Not affected
・SMARTDAC+ GX/GP/GM/GA: Not affected
・DAQSTATION DX: Not affected
・DAQMASTER MX/MW: Not affected
・FA-M3: Not affected
・e-RT3: Not affected
* Exclude Unified Gateway Station (UGS2) Standard Function R6.03.10 - R6.06.00. Please refer to YSAR-22-0003 for details.
If new Yokogawa products are found to be affected by the vulnerability, Yokogawa will provide detail information in Yokogawa Security Advisory Report (YSAR) as soon as countermeasures become available.
Yokogawa Security Advisory Report
The Yokogawa Group Vulnerability Handling Policy
Yokogawa strongly recommends all customers to establish and maintain a full security program, not only for the vulnerability. Security program components are: Patch updates, Anti-virus, Backup and recovery, zoning, hardening, whitelisting, firewall, etc. Yokogawa can assist in setting up and running the security program continuously. For considering the most effective risk mitigation plan, as a starting point, Yokogawa can perform a security risk assessment.
Vulnerability Note VU#930724
Cerchi più informazioni su tecnologia, soluzioni o sulla nostra squadra?Contattaci