Log4j Security Vulnerability

CVE-2021-44228

A vulnerability in Log4j, a logging library for Java, was announced on the 11th of Dec. 2021. We are in the process of checking our software products and components to identify whether they are affected by this incident.

Affected Products:

  • DS-CR / DS-E3 – ACTION REQUIRED (See below)

Checked and confirmed NOT AFFECTED

  • E3.series
  • CR-8000
  • GENESYS
  • eCADSTAR
  • CADSTAR

You can continue to use all products stated as "Not Affected".

We are also checking our ancillary web services, and no vulnerabilities have been found so far. Should any be found, they will be reported below.


E3.series


| Product | Version | Impact |
|---|---|---|
| E3.series | any | Not Affected |
| E3.enterprise (server) | any | Not Affected |
| E3.Addons (in general) | any | Not Affected |
| E3.3DRoutingBridge | any | Not Affected |
| E3.3DTransformer | any | Not Affected |
| E3.Cable Editor | any | Not Affected |
| E3.CLX | any | Not Affected |
| E3.ComponentCloud | any | Not Affected |
| E3.Configurator | any | Not Affected |
| E3.Copy Database Entries | any | Not Affected |
| E3.CutOut | any | Not Affected |
| E3.DB Tool | any | Not Affected |
| E3.DB Update | any | Not Affected |
| E3.Dispatcher | any | Not Affected |
| E3.ELOG-KBL Export | any | Not Affected |
| E3.ET Print | any | Not Affected |
| E3.Harness Flattening | any | Not Affected |
| E3.HarnessAnalyzer | any | Not Affected |
| E3.Komax Export | any | Not Affected |
| E3.Language Database Editor | any | Not Affected |
| E3.NA Standards | any | Not Affected |
| E3.NC Bridge | any | Not Affected |
| E3.PLC Bridge | any | Not Affected |
| E3.Preview Handler | any | Not Affected |
| E3.Quick Assign | any | Not Affected |
| E3.Report Generator | any | Not Affected |
| E3.Reports | any | Not Affected |
| E3.Revision Management | any | Not Affected |
| E3.Saber Frameway | any | Not Affected |
| E3.SAP | any | Not Affected |
| E3.Select Additional Parts | any | Not Affected |
| E3.series Background Process | any | Not Affected |
| E3.Simulation | any | Not Affected |
| E3.Systems Edition | any | Not Affected |
| E3.TeamCenter | any | Not Affected |
| E3.Tools | any | Not Affected |
| E3.Trigger Management | any | Not Affected |
| E3.Update SubCircuits | any | Not Affected |
| E3.WatchDir | any | Not Affected |
| E3.Windchill | any | Not Affected |
| E3.Wiring Cockpit | any | Not Affected |
| E3.Wiring Diagram Generator | any | Not Affected |
| E3.WiringChecks | any | Not Affected |
| E3.WWP Interface | any | Not Affected |

We are still in the process of checking ancillary web services, but no vulnerabilities have yet been found.

  • Should any vulnerability be found, it will be specific to the service and the data supplied to the service, not a generic risk to your local E3.series software/data.
  • Any risks that are identified will be published here.

CR-8000


CR-8000 is not affected.

However DS-CR is affected and an update is required.

Other products that are not shown in this table are not affected by the vulnerability because they do not use Java.

| Product | Impact | Affected version | Solution |
|---|---|---|---|
| Architecture Planner | Not Affected | | |
| DFM Center (Rule Manager) | Not Affected | | |
| DFM Center/ADM for Design Force/Board Designer (ADM Rule Manager) | Not Affected | | |

  • If the products are used on an intranet (a private network within a corporation), this vulnerability is not exploited by outsiders unless they intrude into the corporate network.

DS-CR


There is a very critical vulnerability in the Apache Log4j library, which is used by our Zuken DS-CR Client and DS-CR Engine applications, release 2020 or 2021. Please do not delay the replacement, because the severity rating of the vulnerability is declared as very high.

To fix this problem, the log4j library must be exchanged for a newer version (2.15 or later). ZJ R&D has confirmed that the DS-CR Framework Engine can work with release 2.16. To adopt 2.16, the following two files should be replaced:

  • log4j-api-2.16.0.jar
  • log4j-core-2.16.0.jar

Please use the following link to download the PDF document with the VersionUp Guide and the ZIP file log4j-2.16.0.zip, which includes the log4j files described above…

This replacement is needed for Job Server, Vault Cache Server, and DS-Web.
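One way to confirm on each server that the replacement took effect, as an added example that is not part of Zuken's VersionUp Guide or tooling: the script walks an installation directory and reports log4j-api / log4j-core jars below 2.16.0, and whether a current copy of each is present. The directory passed on the command line is an assumption, as is the presence of an Implementation-Version entry in the jar manifest (the file name is used when it is absent).

```python
import os
import re
import sys
import zipfile

MINIMUM = (2, 16, 0)  # release the advisory says DS-CR was confirmed to work with
JAR_RE = re.compile(r"^(log4j-(?:api|core))-(\d+(?:\.\d+)*).*\.jar$")


def as_tuple(version):
    """'2.14.1' -> (2, 14, 1); suffixes such as '-beta9' are ignored."""
    parts = [int(p) for p in re.findall(r"\d+", version.split("-")[0])]
    return tuple((parts + [0, 0, 0])[:3])


def manifest_version(path):
    """Return Implementation-Version from the jar manifest, or None."""
    try:
        with zipfile.ZipFile(path) as jar:
            text = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (KeyError, OSError, zipfile.BadZipFile):
        return None
    m = re.search(r"^Implementation-Version:\s*(\S+)", text, re.MULTILINE)
    return m.group(1) if m else None


def scan(root, minimum=MINIMUM):
    """Return (outdated [(path, artifact, version)], artifacts with no current jar)."""
    outdated, ok = [], set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            m = JAR_RE.match(name)
            if not m:
                continue
            path = os.path.join(dirpath, name)
            # Prefer the manifest: a renamed file keeps its real version there.
            version = manifest_version(path) or m.group(2)
            if as_tuple(version) < minimum:
                outdated.append((path, m.group(1), version))
            else:
                ok.add(m.group(1))
    return sorted(outdated), sorted({"log4j-api", "log4j-core"} - ok)


if __name__ == "__main__":
    # Directory to scan is an assumption; pass the real installation path.
    print(scan(sys.argv[1] if len(sys.argv) > 1 else "."))
```

An empty result for both lists means every log4j-api and log4j-core jar found is at 2.16.0 or later; run it separately on Job Server, Vault Cache Server and DS-Web hosts.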

 

Other products that are not shown in this table are not affected by the vulnerability because they do not use Java.

| Product | Impact | Affected version | Solution |
|---|---|---|---|
| DS-CR | Affected | 2021, 2020 | Upgrade to Apache Log4j 2.16 (see above). |
| D-Shop Floor | Affected | 2021, 2020 | Upgrade to Apache Log4j 2.16 (see above). |
| DS-OP | Affected | 2021, 2020 | Upgrade to Apache Log4j 2.16 (see above). |
| DS-2 Expresso | Affected | 2021, 2020 | Upgrade to Apache Log4j 2.16. For more details, please see the DS-2 Expresso patch program "Patch program for the vulnerability in Apache Log4j". Note: the patch program for servers is released ahead of the one for clients due to its higher priority. The patch program for clients is planned for release at the end of December 2021. |

  • If you have any further questions please don’t hesitate to contact our Zuken Global Support team.

DS-E3


Other products that are not shown in this table are not affected by the vulnerability because they do not use Java.

| Product | Impact | Affected version | Solution |
|---|---|---|---|
| DS-E3 | Affected | 2021.0, 2020.1 | Upgrade to Apache Log4j 2.16. Please contact our local support office. |
| D-Shop Floor | Affected | 2021, 2020 | Upgrade to Apache Log4j 2.16. Please contact our local support office. |

  • If you have any further questions please don’t hesitate to contact our Zuken Global Support team.

GENESYS


GENESYS does not implement log4j-core. As such, it is not affected by the stated vulnerability.

eCADSTAR / CADSTAR


eCADSTAR / CADSTAR client software is not affected by the Log4j vulnerability.

No eCADSTAR / CADSTAR products are at risk.

We are still in the process of checking ancillary web services, but no vulnerabilities have yet been found.

  • Should any vulnerability be found it will be specific to the service and data supplied to the service, not a generic risk to your local eCADSTAR / CADSTAR software/data.
  • Any risks that are identified will be published here.

MISC.


Zuken Global Support (ZGS)

Our Zuken Global Support site is not affected by the vulnerability. We assure you that you can continue to use this site safely and steadily.

Zuken.com

Our www.zuken.com website is not affected by the vulnerability. We assure you that you can continue to use this site safely and steadily.
