Security gap log4j - GÖPEL electronic products tested
The German Federal Office for Information Security (BSI) currently warns of a security vulnerability in the frequently used "log4j" library (Java). GÖPEL electronic GmbH takes this information very seriously and immediately checked the possible effects.
Below is an overview of the programs that were checked.
Status of GÖPEL electronic software with regard to the log4j2 vulnerability:
Automotive Test Solutions
| Product | Status |
|---|---|
| Net2Run RBS Configurator 2.x | NOT vulnerable |
| Net2Run RBS Configurator 3.x | NOT vulnerable |
| Net2Run RBS Generator 3.x | NOT vulnerable |
| Net2Run IDE | NOT vulnerable |
| Series 61 (Firmware/Onboard Software) | NOT vulnerable |
| Series 62 (Firmware/Onboard Software) | NOT vulnerable |
| Dragon Suite / Dragon Suite Advanced | NOT vulnerable |
| TOM Line | NOT vulnerable |
Embedded JTAG Solutions
None of the Embedded JTAG Solutions software components uses the Java library or was programmed in Java. The Embedded JTAG Solutions programs are written in Delphi, C++ or C#; Qt5 is also used.
| Product | Status |
|---|---|
| SYSTEM CASCON | NOT vulnerable |
| SCANVISION III | NOT vulnerable |
| Hardlock Software | NOT vulnerable |
| FlexLM (lmtools) | NOT vulnerable |
| FlexNet Version 11.14 (lmadmin) | NOT vulnerable, see below |
Licensing with FlexNet version 11.14 (using lmadmin) uses Java. Flexera has published the following statement on its site:
Flexera states that "FlexNet Manager for Engineering Applications" can be affected, in particular the component "Flexera Analytics" (Cognos). GÖPEL electronic does not use this component, so GÖPEL electronic software is not affected.
Our own analysis of the FlexNet software has shown that Log4j is also used in a Java example, "Alerter", albeit in the older version 1.2.8. In the default installation, "Alerter" is not activated.
The software of the inspection systems of GÖPEL electronic is not affected by the security vulnerability.
The inspection systems and additional software modules from GÖPEL electronic are safe because no Java code affected by the security gap is used.