On December 9, 2021, a very serious vulnerability in the popular Java-based logging package “Log4j” was announced and on December 11, 2021, the BSI officially warned of this vulnerability: BSI – Press – Warning level red: Log4Shell vulnerability leads to extremely critical threat situation (www.bsi.bund.de).
This vulnerability allows an attacker to execute code on a remote server (Remote Code Execution, RCE) and makes Log4J susceptible to a denial-of-service attack, for example. The vulnerability is currently being exploited worldwide with various forms of attack. For further information, see https://cve.mitre.org under CVE-2021-44228, CVE-2021-45105, CVE-2021-45046 and CVE-2021-44832.
The control software of all MMM series is not affected by the security vulnerability.
Updates for MMM software available
If you use one of the MMM software products RUMED360® Cycles (“SimServ”), RUMED360® Cycles View (“Batch Viewer”), RUMED360® Sicon (“SiCon”) or RUMED360® ISA Server (“ISA”), please contact your regional MMM service manager or write to us at service@mmmgroup.com.
An update for the above mentioned MMM software products with the official patches of the Java library Log4J is available.
Security Advisory
Further information can be found in the MMM Cybersecurity Communication:
MMM Group
Semmelweisstraße 6
82152 Planegg/Munich
Germany
Costumer Service
