CVE-2021-44228 - Industrial Defender update on log4j

December 14, 2021

Vulnerability Summary

Some applications that leverage log4j2 (2.14.1 or older) are vulnerable to a simple attack which can allow for remote code execution. Apache Log4j <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled (CVE-2021-44228).

Protect Industrial Defender components against CVE-2021-44228

Following internal research and validation by the Industrial Defender security and R&D teams the following products are NOT impacted and NOT vulnerable to CVE-2021-44228.

  • Industrial Defender ASM all versions
  • Industrial Defender IDC all versions
  • Industrial Defender ASA all versions
  • Industrial Defender NIDS all versions
  • Industrial Defender Agents all versions

Using Industrial Defenders Policy Application

Customers can use the Policy application to check for the presence of log4j or applications that may
be leveraging.

Using Industrial Defenders Vulnerability Monitoring Service (VMS)

Our VMS is updated in real time as data is made available about CVEs. Industrial Defender recommends customers do a data exchange to help determine exposure to CVE-2021-44228.

Using Industrial Defenders NIDS or IDC

Signatures have been published that can detected the remote code execution associated with log4j vulnerability. They are available on the on the Industrial Defender support portal.

For further information regarding this critical security issue please contact our Support Team.

Email Support

Phone - 877-943-3363