A vulnerability in Apache Log4j, a logging library for Java, was announced on the 11th of Dec. 2021. We are in the process of checking our software products and components to identify whether they are affected by this incident.
This page was last updated: 20th December 2021, 15:35 GMT
Affected Products:
DS-CR / DS-E3 – ACTION REQUIRED (See below)
Checked and confirmed NOT AFFECTED
E3.series
CR-8000
GENESYS
eCADSTAR
CADSTAR
You can continue to use all products stated as “Not Affected”.
Additionally, we are checking our ancillary web services, and no vulnerabilities have been found. Any that are found will be reported below.
We are still in the process of checking ancillary web services, but no vulnerabilities have yet been found.
Should any vulnerability be found, it will be specific to the service and data supplied to the service, not a generic risk to your local E3.series software/data.
Any risks that are identified will be published here.
CR-8000
CR-8000 is not affected.
However, DS-CR is affected and an update is required.
Other products that are not shown in this table are not affected by the vulnerability because they do not use Java.
| Product | Impact | Affected version | Solution |
|---|---|---|---|
| Architecture Planner | Not Affected | – | – |
| DFM Center (Rule Manager) | Not Affected | – | – |
| DFM Center/ADM for Design Force/Board Designer (ADM Rule Manager) | Not Affected | – | – |
If the products are used on an intranet (a private network within a corporation), this vulnerability cannot be exploited by outsiders unless they gain access to the corporate network.
DS-CR
There is a very critical vulnerability in the Apache Log4j library, which is used by our Zuken DS-CR Client and DS-CR Engine applications, release 2020 or 2021. Please do not delay the replacement, because the severity rating of the vulnerability is declared as very high.
To fix this problem, the Log4j library must be replaced with a newer version (2.15 or later). ZJ R&D has confirmed that the DS-CR Framework Engine works with release 2.16. To adopt 2.16, the following two files should be replaced:
log4j-api-2.16.0.jar
log4j-core-2.16.0.jar
Please use the following link to download the PDF document with the VersionUp Guide and the ZIP file log4j-2.16.0.zip, which includes the Log4j files described above…
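A check that can be run after the file replacement described above (an added example, not Zuken's code): it lists every log4j-api and log4j-core jar under a folder and flags any older than 2.16.0, including old jars left behind or renamed. It assumes the jars use the file names shown above and carry an Implementation-Version manifest entry; the folder and the sample jars here are constructed for the demonstration.

```python
import re
import tempfile
import zipfile
from pathlib import Path

FIXED = (2, 16, 0)  # release the advisory says to adopt
JAR_RE = re.compile(r"^log4j-(api|core)-(\d+)\.(\d+)\.(\d+)\.jar$")
MF_RE = re.compile(r"^Implementation-Version:\s*(\d+)\.(\d+)\.(\d+)", re.M)

def manifest_version(jar_path):
    """Version recorded inside the jar, or None if unreadable or absent."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            text = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except (zipfile.BadZipFile, KeyError, OSError):
        return None
    m = MF_RE.search(text)
    return tuple(map(int, m.groups())) if m else None

def audit(install_dir):
    """Return [(file name, component, version, status)] for log4j api/core jars."""
    rows = []
    for path in sorted(Path(install_dir).rglob("log4j-*.jar")):
        m = JAR_RE.match(path.name)
        if not m:
            continue
        named = tuple(map(int, m.groups()[1:]))
        # Trust the manifest over the file name, so a renamed old jar fails.
        actual = manifest_version(path) or named
        status = "OK" if actual >= FIXED else "REPLACE"
        rows.append((path.name, m.group(1), ".".join(map(str, actual)), status))
    return rows

def make_jar(folder, name, version):
    """Constructed sample input: a minimal jar carrying only a manifest."""
    with zipfile.ZipFile(Path(folder) / name, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF",
                     f"Manifest-Version: 1.0\r\nImplementation-Version: {version}\r\n")

def demo():
    with tempfile.TemporaryDirectory() as d:  # stands in for the install folder
        make_jar(d, "log4j-api-2.16.0.jar", "2.16.0")
        make_jar(d, "log4j-core-2.16.0.jar", "2.14.1")  # old jar, renamed
        make_jar(d, "log4j-core-2.13.3.jar", "2.13.3")  # old jar left behind
        return audit(d)

if __name__ == "__main__":
    for row in demo():
        print(*row, sep="\t")
```

To check a real installation, call `audit()` with the folder that holds the DS-CR jars; any row marked REPLACE still needs the 2.16.0 file.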
If you have any further questions please don’t hesitate to contact our Zuken Global Support team.
DS-E3
Other products that are not shown in this table are not affected by the vulnerability because they do not use Java.
| Product | Impact | Affected version | Solution |
|---|---|---|---|
| DS-E3 | Affected | 2021.0, 2020.1 | Needs upgrading to Apache Log4j 2.16. Please contact our local support office. |
| D-Shop Floor | Affected | 2021, 2020 | Needs upgrading to Apache Log4j 2.16. Please contact our local support office. |
If you have any further questions please don’t hesitate to contact our Zuken Global Support team.
GENESYS
GENESYS does not implement log4j-core. As such, it is not affected by the stated vulnerability.
eCADSTAR / CADSTAR
eCADSTAR / CADSTAR client software is not affected by the Log4j vulnerability.
No eCADSTAR / CADSTAR products are at risk.
We are still in the process of checking ancillary web services, but no vulnerabilities have yet been found.
Should any vulnerability be found it will be specific to the service and data supplied to the service, not a generic risk to your local eCADSTAR / CADSTAR software/data.
Any risks that are identified will be published here.
MISC.
Zuken Global Support (ZGS)
Our Zuken Global Support site is not affected by the vulnerability. We assure you that you can continue to use this site safely and steadily.
Zuken.com
Our www.zuken.com website is not affected by the vulnerability. We assure you that you can continue to use this site safely and steadily.