Last Updated: February 9, 2022
Overview
Vulnerability that are called "Log4Shell" in Apache Log4j has been reported. Regarding potential impact to Yokogawa products, please check below.
ใปCENTUM VP : Not Affected *
ใปProSafe-RS/ProSafe-RS Lite: Not affected
ใปExaopc: Not affected
ใปExaquantum: Not affected
ใปExaplog: Not affected
ใปSTARDOM: Not affected
ใปFAST/TOOLS: Not affected
ใปCI Server: Not affected
ใปPRM: Not affected
ใปVTSPortal: Not affected
ใปSMARTDAC+ GX/GP/GM/GA: Not affected
ใปDAQSTATION DX: Not affected
ใปDAQMASTER MX/MW: Not affected
ใปFA-M3: Not affected
ใปe-RT3: Not affected
* Exclude Unified Gateway Station (UGS2) Standard Function R6.03.10 - R6.06.00. Please refer to YSAR-22-0003 for details.
If new Yokogawa products are found to be affected by the vulnerability, Yokogawa will provide detail information in Yokogawa Security Advisory Report (YSAR) as soon as countermeasures become available.
Yokogawa Security Advisory Report
https://www.yokogawa.com/library/resources/white-papers/yokogawa-security-advisory-report-list/
The Yokogawa Group Vulnerability Handling Policy
https://www.yokogawa.com/eu/solutions/products-platforms/announcements/vulpolicy/
Yokogawa strongly recommends all customers to establish and maintain a full security program, not only for the vulnerability. Security program components are: Patch updates, Anti-virus, Backup and recovery, zoning, hardening, whitelisting, firewall, etc. Yokogawa can assist in setting up and running the security program continuously. For considering the most effective risk mitigation plan, as a starting point, Yokogawa can perform a security risk assessment.
Reference Site
Vulnerability Note VU#930724
https://kb.cert.org/vuls/id/930724
CVE-2021-45046
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046
๊ธฐ์ ๋ฐ ์๋ฃจ์ , ์๊ผฌ๊ฐ์์ ๋ํ ์์ธํ ์ ๋ณด๋ฅผ ์ฐพ๊ณ ๊ณ์ญ๋๊น?
๊ฒฌ์ ๋ฐ ๊ธฐ์ ๋ฌธ์