Particle Measuring Systems is happy to inform all users of our software and systems that thanks to the specific programming languages adopted by PMS and carefully designed system architecture, our software solutions are NOT impacted by the recently discovered Java vulnerability.
No action is required from users of Facility Pro, Sampler Sight, Data Analyst, Pharmaceutical Net Pro, or Facility Net.
More about the Java vulnerability:
A zero-day vulnerability, identified as CVE-2021-44228, was published on the night of Friday, December 10. It affects the log4j2 Java library and allows an attacker to execute malicious code remotely (remote code execution, RCE). Within the first hours after publication, scanning activity aimed at identifying potentially vulnerable computer systems was already under way.
The vulnerability, also referred to as “Log4Shell” or “LogJam”, affects the Apache log4j package (a Java-based logging tool) from version 2.0 to 2.14.1. Successful exploitation of the CVE could allow unauthenticated remote code execution (RCE) by threat agents and possible access to the target computer system. The vulnerability has been assigned a critical score, CVSS 10.0, because exploitation is simple, requires no authentication, and has a potentially high impact on victim systems.
The log4j Java library is widely used by many cloud services and business applications, including but not limited to Apple, Amazon, Twitter, Cloudflare and Steam, which could therefore be vulnerable to CVE-2021-44228. At the time of writing, the possible extent of the vulnerability is still unknown, but it could cause a large number of cyber-attacks in the coming days.
For more information on this or other software-related questions, please contact our software specialists.