Apache Log4j Notices
Apache Log4j Notices
Abbott
Abbott is aware of the recently discovered remote code execution vulnerability impacting Apache Log4j, a logging tool commonly used in Java-based software applications.
Our cybersecurity team is actively evaluating our products, systems and applications to determine if there is any potential impact from this vulnerability and taking steps to mitigate any possible exposure.
Based on our analysis to date, none of our products are currently vulnerable. However, we will continue to analyze and monitor all available information and provide updates to our customers if needed.
Accuray
As part of our product security program, Accuray Incorporated has assessed Accuray products for potential risk against the security advisory for the following CVE-2021-44228 “Log4J Vulnerability”. For a detailed description of this vulnerability, please review the information provided by NVD.
For any questions, please contact your Accuray Service representative
B. Braun
B. Braun’s first analysis determined that NONE of our software products are affected.
Site Link
Baxter
Please note that the Apache Log4j vulnerability is not a Baxter-specific vulnerability. As part of the company’s product security policy and protocols, Baxter’steamis evaluating Baxter’s Java based products and solutions for potential impacts from this reported vulnerability and evaluating further possible actions as needed. Baxter will continue to monitor all available information and we will provide an update to this bulletin if necessary.
Site Link
BD
BD is aware of an additional CVE-2021-45046 which was added to the Apache Log4j vulnerability. This bulletin is inclusive of both CVEs.
BD has assessed the software-enabled products and hosted offerings found at the URL listed and determined they are not impacted by this vulnerability. However, BD products may contain or be used in association with third-party components, and we are still assessing those components across all versions of BD software-enabled products. As needed, BD will publish third-party bulletins and link to them from this page.
Beckman Coulter
Beckman Coulter is currently evaluating the security risk of our product portfolio that may potentially be affected by this vulnerability.
bioMérieux
bioMérieux is aware of and currently monitoring vulnerabilities in Apache Log4j. These vulnerabilities potentially allow for unauthenticated remote code execution. Log4j is an open source Java logging library developed by the Apache Foundation widely used in many applications and is present, as a dependency, in many services. bioMérieux is currently investigating to determine whether any products including in its BioFire franchise, are affected and will regularly update this advisory as more information becomes available.
Boston Scientific
We have confirmed the following products do not use Apache Log4j and are not affected by the CVE-2021-4228 Log4j vulnerability:
• LABSYSTEM™ Pro EP Recording System
• RHYTHMIA HDx™ Mapping System
• SMARTFREEZE™ Cryoablation system
Boston Scientific has reviewed the CVE-2021-44228 for the LATITUDE™ product group. See link for LATITUDE™ for the outcome of that investigation:
for LATITUDE™: Latitude Link
Canon
The following Canon Medical Systems Corporation products are not using Apache Log4j.
• CT Medical Imaging Products
• MR Medical Imaging Products
• UL Medical Imaging Products
• XR Medical Imaging Products
• NM Medical Imaging Products
Canon Medical Products under investigation:
• Vitrea Advanced 7.x
• Infinix-i (Angio Workstation)
• Alphenix (Angio Workstation)
Canon Medical Systems Corporation is currently investigating whether there is any impact. If any impact is found, it will be informed to customer immediately.
Carestream
No Carestream products are impacted by this vulnerability.
Cepheid
Cepheid’s research and development teams are aware of this identified vulnerability and is assessing the impact to affected products. Cepheid has confirmed that C360 is not impacted. GeneXpert products are currently being assessed for impact. Cepheid has not received any reports of this vulnerabilities affecting the clinical use of our products and is closely monitoring for any further developments.
Site Link
Cydar Medical
As part of our ongoing security measures, Cydar immediately investigated the vulnerability and initiated a response. We quickly established that the core Cydar EV system was not affected. On a wider review, we identified a small number of internal non-production systems using third party software that are affected. These systems are not publicly accessible, and so not at high risk of exploitation. We have applied the recommended mitigations and restricted the outgoing traffic from the hosts in question as an additional precaution.
This vulnerability is both serious and widespread, and the effects are likely to be felt globally for a long time to come. We are confident that we have addressed any potential issue with respect to our systems, but we will of course continue to monitor developments and take any further action necessary.
Site Link
Edwards LifeSciences
At this time, Edwards’ devices on market are not impacted by the Log4j vulnerability. Edwards will continue to monitor the situation and provide customers with updates, as appropriate.
Elekta
“Elekta has published security advisories on the response to CVE-2021-44228 Log4j vulnerability. Advisories are posted on the Elekta Care Community portal under Technical Documentation/Security Advisory.”
Site Link
[et_
- Related Resources & News
- Monthly Newsletter – October 2024
- Health ISAC leads effort to transform SBOM information sharing under CISA-facilitated community work
- CyberEdBoard Insights: Phil Englert and Errol Weiss
- Health-ISAC Hacking Healthcare 9-10-2024
- Strengthening Healthcare Cybersecurity: Lessons from Recent Supplier Attacks
- Specialize in Securing Critical Infrastructure
- How AI is transforming cybersecurity, on defense and offense
- Unveiling Hidden APIs and Securing Vulnerabilities in the Healthcare Sector
- 2024 Active Shooter Hostile Event Response (ASHER) Exercise Series – Report
- How to Address Healthcare’s Cybercrime Problem