A vulnerability in Apache Log4j, a logging library for Java, was announced on the 11th of Dec. 2021. We are in the process of checking our software products and components to identify whether they are affected by this incident.
- Latest information and advice will be posted within our Zuken Global Support (ZGS) website ‘News’ section
- This page was last updated: 20th December 2021, 15:35 GMT
Affected Products:
- DS-CR / DS-E3 – ACTION REQUIRED (See below)
Checked and confirmed NOT AFFECTED
- E3.series
- CR-8000
- GENESYS
- eCADSTAR
- CADSTAR
You can continue to use all products stated as “Not Affected”.
Additionally, we are checking our ancillary web services, and no vulnerabilities have been found. Should any be found, they will be reported below.
- Incident: Security Vulnerability CVE-2021-45046, CVE-2021-44228 Log4j
- Further details: https://logging.apache.org/log4j/2.x/
E3.series
Product | Version | Impact |
---|---|---|
E3.series | any | Not Affected |
E3.enterprise (server) | any | Not Affected |
E3.Addons (in general) | any | Not Affected |
E3.3DRoutingBridge | any | Not Affected |
E3.3DTransformer | any | Not Affected |
E3.Cable Editor | any | Not Affected |
E3.CLX | any | Not Affected |
E3.ComponentCloud | any | Not Affected |
E3.Configurator | any | Not Affected |
E3.Copy Database Entries | any | Not Affected |
E3.CutOut | any | Not Affected |
E3.DB Tool | any | Not Affected |
E3.DB Update | any | Not Affected |
E3.Dispatcher | any | Not Affected |
E3.ELOG-KBL Export | any | Not Affected |
E3.ET Print | any | Not Affected |
E3.Harness Flattening | any | Not Affected |
E3.HarnessAnalyzer | any | Not Affected |
E3.Komax Export | any | Not Affected |
E3.Language Database Editor | any | Not Affected |
E3.NA Standards | any | Not Affected |
E3.NC Bridge | any | Not Affected |
E3.PLC Bridge | any | Not Affected |
E3.Preview Handler | any | Not Affected |
E3.Quick Assign | any | Not Affected |
E3.Report Generator | any | Not Affected |
E3.Reports | any | Not Affected |
E3.Revision Management | any | Not Affected |
E3.Saber Frameway | any | Not Affected |
E3.SAP | any | Not Affected |
E3.Select Additional Parts | any | Not Affected |
E3.series Background Process | any | Not Affected |
E3.Simulation | any | Not Affected |
E3.Systems Edition | any | Not Affected |
E3.TeamCenter | any | Not Affected |
E3.Tools | any | Not Affected |
E3.Trigger Management | any | Not Affected |
E3.Update SubCircuits | any | Not Affected |
E3.WatchDir | any | Not Affected |
E3.Windchill | any | Not Affected |
E3.Wiring Cockpit | any | Not Affected |
E3.Wiring Diagram Generator | any | Not Affected |
E3.WiringChecks | any | Not Affected |
E3.WWP Interface | any | Not Affected |
We are still in the process of checking ancillary web services, but no vulnerabilities have yet been found.
- Should any vulnerability be found it will be specific to the service and data supplied to the service, not a generic risk to your local E3.series software/data
- Any risks that are identified will be published here.
CR-8000
CR-8000 is not affected.
However, DS-CR is affected and an update is required.
Other products that are not shown in this table are not affected by the vulnerability because they do not use Java.
Product | Impact | Affected version | Solution |
---|---|---|---|
Architecture Planner | Not Affected | – | – |
DFM Center (Rule Manager) | Not Affected | – | – |
DFM Center/ADM for Design Force/Board Designer (ADM Rule Manager) | Not Affected | – | – |
- If the products are used on an intranet (a private network within a corporation), this vulnerability cannot be exploited by outsiders unless they have broken into the corporate network.
DS-CR
There is a very critical vulnerability in the Apache Log4j library, which is used by our Zuken DS-CR Client and DS-CR Engine release 2020 or 2021 applications. Please do not delay the replacement, because the severity of the vulnerability is rated as very high.
To fix this problem, it is necessary to replace log4j with a newer version (2.15 or later). ZJ R&D has confirmed that DS-CR Framework Engine can work with release 2.16. To adopt 2.16, the following two files should be replaced.
- log4j-api-2.16.0.jar
- log4j-core-2.16.0.jar
Please use the following link to download the PDF document with the VersionUp Guide and the ZIP file log4j-2.16.0.zip, which includes the log4j files described above…
This replacement is needed for Job Server, Vault Cache Server, and DS-Web.
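One way to confirm the replacement on a server, as an added example that is not Zuken's own tooling: the script walks an installation directory, reads each jar's Maven metadata, and flags any log4j-api or log4j-core below 2.16.0, even when the file has been renamed. The directory names in the sample tree are constructed; the real install paths are not given on this page.

```python
import os
import re
import tempfile
import zipfile

REQUIRED = (2, 16, 0)  # release the advisory says to adopt
MAVEN = "META-INF/maven/org.apache.logging.log4j"
POM = re.compile(re.escape(MAVEN) + r"/(log4j-(?:api|core))/pom\.properties$")

def jar_identity(path):
    """Return (artifact, version) from the jar's Maven metadata, or None."""
    try:
        with zipfile.ZipFile(path) as jar:
            for name in jar.namelist():
                hit = POM.search(name)
                props = jar.read(name).decode("utf-8", "replace") if hit else ""
                ver = re.search(r"^version=(\d+(?:\.\d+)*)", props, re.M)
                if ver:
                    parts = [int(p) for p in ver.group(1).split(".")]
                    return hit.group(1), tuple((parts + [0, 0])[:3])  # pad "2.16"
    except (zipfile.BadZipFile, OSError):
        pass  # unreadable or not a real archive: nothing to report
    return None

def audit(root):
    """List each log4j-api/log4j-core jar under root with version and status."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for fname in (f for f in files if f.lower().endswith(".jar")):
            full = os.path.join(folder, fname)
            ident = jar_identity(full)
            if ident:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings.append((rel, *ident, "OK" if ident[1] >= REQUIRED else "REPLACE"))
    return sorted(findings)

def build_sample_tree(root):  # constructed sample layout, hypothetical paths
    samples = [("JobServer/lib/log4j-core-2.13.3.jar", "log4j-core", "2.13.3"),
               ("JobServer/lib/logging.jar", "log4j-api", "2.13.3"),  # renamed file
               ("DS-Web/lib/log4j-core-2.16.0.jar", "log4j-core", "2.16.0")]
    for rel, artifact, version in samples:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with zipfile.ZipFile(path, "w") as jar:
            jar.writestr(f"{MAVEN}/{artifact}/pom.properties", f"version={version}\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(*audit(tmp), sep="\n")
```

It reads top-level .jar files only; log4j copies nested inside WAR or fat-JAR archives need a recursive scan.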
Other products that are not shown in this table are not affected by the vulnerability because they do not use Java.
Product | Impact | Affected version | Solution |
---|---|---|---|
DS-CR | Affected | 2021, 2020 | Requires upgrading to Apache Log4j 2.16 – see above |
D-Shop Floor | Affected | 2021, 2020 | Requires upgrading to Apache Log4j 2.16 – see above |
DS-OP | Affected | 2021, 2020 | Requires upgrading to Apache Log4j 2.16 – see above |
DS-2 Expresso | Affected | 2021, 2020 | Requires upgrading to Apache Log4j 2.16. For more details, please see the DS-2 Expresso patch program “Patch program for the vulnerability in Apache Log4j”. Note: the patch program for servers is released ahead of the one for clients due to its higher priority. The patch program for clients is planned for release at the end of December 2021. |
- If you have any further questions please don’t hesitate to contact our Zuken Global Support team.
DS-E3
Other products that are not shown in this table are not affected by the vulnerability because they do not use Java.
Product | Impact | Affected version | Solution |
---|---|---|---|
DS-E3 | Affected | 2021.0, 2020.1 | Requires upgrading to Apache Log4j 2.16. Please contact our local support office. |
D-Shop Floor | Affected | 2021, 2020 | Requires upgrading to Apache Log4j 2.16. Please contact our local support office. |
- If you have any further questions please don’t hesitate to contact our Zuken Global Support team.
GENESYS
GENESYS does not implement log4j-core. As such, it is not affected by the stated vulnerability.
eCADSTAR / CADSTAR
eCADSTAR / CADSTAR client software is not affected by the Log4j vulnerability.
No eCADSTAR / CADSTAR products are at risk.
We are still in the process of checking ancillary web services, but no vulnerabilities have yet been found.
- Should any vulnerability be found it will be specific to the service and data supplied to the service, not a generic risk to your local eCADSTAR / CADSTAR software/data.
- Any risks that are identified will be published here.
MISC.
Zuken Global Support (ZGS)
Our Zuken Global Support site is not affected by the vulnerability. We assure you that you can continue to use this site safely and steadily.
Zuken.com
Our www.zuken.com website is not affected by the vulnerability. We assure you that you can continue to use this site safely and steadily.