Security gap log4j - GÖPEL electronic products tested

The German Federal Office for Information Security (BSI) currently warns of a security vulnerability in the frequently used "log4j" library (Java). GÖPEL electronic GmbH takes this information very seriously and has checked the possible effects immediately.

In the following you will find an overview of the checked programs.


Vulnerability of GÖPEL electronic software regarding the log4j2 vulnerability:

Automotive Test Solutions

G-API NOT vulnerable
HardwareExplorer    NOT vulnerable
WinflashTool  NOT vulnerable
Cockpit    NOT vulnerable
Net2Run RBS Configurator 2.x NOT vulnerable
Net2Run RBS Configurator 3.xNOT vulnerable
Net2Run RBS Generator 3.x NOT vulnerable
Net2Run IDENOT vulnerable
Series 61 (Firmware/Onboard Software)NOT vulnerable
Series 62 (Firmware/Onboard Software)NOT vulnerable
Dragon Suite / Dragon Suite Advanced NOT vulnerable
TOM LineNOT vulnerable

Embedded JTAG Solutions

None of the Embedded JTAG Solutions software components uses the Java library or were programmed with Java. The programmes of the Embedded JTAG Solutions are created either with Delphi, C++, C#, additionally QT5 is used.

SYSTEM CASCONNOT vulnerable
SCANVISION IIINOT vulnerable
Hardlock SoftwareNOT vulnerable
FlexLM (lmtools)NOT vulnerable
FlexNet Version 11.14 (lmadmin)NOT vulnerable, see below

When licensing with FlexNet version 11.14 (using lmadmin) Java is used. There is the following statement on the Flexera site:
https://community.flexera.com/t5/Community-Notices/Flexera-s-response-to-Apache-Log4j-remote-code-execution/ba-p/216934

It is communicated that "FlexNet Manager for Engineering Applications" can be affected. And here in particular the component "Flexera Analytics" (Cognos). This component is not used by GÖPEL electronic, insofar the software of GÖPEL electronic is not affected.
An own analysis of the FlexNet software has shown that Log4j is also used in a Java example "Alerter" - albeit in the older version 1.2.8. In the default installation "Alerter" is not activated.

Inspection Solutions

The software of the inspection systems of GÖPEL electronic is not affected by the security vulnerability.
The inspection systems and additional software modules from GÖPEL electronic are safe because no Java code affected by the security gap is used.

GÖPEL electronic products tested

通讯注册

在此免费接收 GOEPEL 电子通讯。
独家活动、免费网络研讨会的邀请函,以及有关当前测试和检验主题的新闻。

通讯注册

×
您需要帮助吗?

请联系我们!

Automotive Test Solutions