×

Log4Shell Impact on Electronic Security Systems

Log4Shell is a critical vulnerability in Log4j affecting millions of Java-based systems, including electronic security platforms. If your system is at risk, contact our Service Department for immediate assistance and support.

Log4Shell Impact on Electronic Security Systems

What is Log4Shell (CVE-2021-44228)?

Log4Shell is a previously unknown vulnerability in the logging (Log4j) software used by many applications that use the Java programming language. Most notably, this software is used in the Apache web server, which can be found in many applications that use a web-based front end for web-based APIs.

It was first publicly disclosed on December 9, 2021, and is estimated to impact hundreds of millions of devices.

For More Information:

https://en.wikipedia.org/wiki/Log4Shell

Next Steps

Because of the severity and wide reach of this vulnerability, you need to make sure your security systems are not impacted. We’ve compiled a list of our most installed systems and the impact of Log4Shell below.

If you have an active maintenance contract and your system is vulnerable, we will be reaching out to schedule a support ticket for resolution. If you are not covered under a maintenance agreement or are unsure if your products are secure, please contact our service department.

Don’t know where to start?

Contact our Service Department today by email (service@adirondacksecurity.com)  or call 518-452-0124 option 2

CTA - Contact Service (link to the Contact page if possible.)

Contact Service

Manufacture

System Types

Impacted

Lenel

Door Access Control, Video, and Visitor Management

Yes

S2

Access Control and Video

Yes

Axis

Cameras and Video Management System

No

Milestone

Video Management System

No

Ava Aware

Cloud-Based Video Management System

No

Exacq

Video Management System

No

Hanwah/

Samsung

Cameras and Video Management System

No

Openpath

Cloud-Based Door Access Control

No

Brivo

Cloud-Based Door Access Control

No

EagleEye

Cloud-Based Video Management System

Yes

AiPhone

Intercom System

No

Ubiquiti

Point-to-Point Wireless, Switches, and Wireless Access Points

Yes

Bosch

Cameras, Alarm Systems

Under Review

Interlogix TruPortal

Door Access Control

Under Review

Lenel

Door Access Control, Video, and Visitor Management

Impacted Systems

  • Lenel OnGuard software versions 8.0 (and 8.0 Update 1)

Resolution/Workaround

Statement from Lenel/S2

Our December 16, 2021, memo provided a temporary mitigation for OnGuard software versions 8.0 and 8.0 Update 1, which disabled the vulnerable Log4j code but also disabled the “OnGuard Reporting & Dashboards” functionality. As of Friday, December 17, 2021, a patch is now available for these OnGuard versions that updates the Log4j components to the latest version as of that date, providing a permanent fix for the known Log4j vulnerabilities.

S2

Access Control and Video

Impacted Systems

  • NetBox version 5.4.3 and below

  • NetBox Global software versions 3.0 and below

  • VRx software versions 5.4.2 and below

  • Elements Video Recorder version 2021- 1209A and below.

  • NetVR™ software versions 5.4.3 and below

Resolution/Workaround

Statement from Lenel/S2

The products listed above (other than OnGuard software versions 8.0 and 8.0 Update 1) do contain Log4j version 1.2.x; however, that Log4j tool is vulnerable only when configured to use JMSAppender (as explained in CVE-2021-4104 ), which is not the case in any of these Lenels2 products. Nonetheless, it is still our intention to provide updates for these products to eliminate the vulnerable version of Log4j.

Milestone

Video Management System

Not Impacted

Log4J vulnerability (FAQ)

Axis

Cameras and Video Management System

Not Impacted

https://www.axis.com/support/product-security

Ava Aware

Cloud-Based Video Management System Cameras

Not Impacted

Statement from Ava

Ava Aware: All Stable versions – NOT Impacted, All Beta versions – NOT Impacted

Ava Cameras: All Stable versions – NOT Impacted, All Beta versions – NOT Impacted

Ava Aware Mobile Apps (IOS + Android): All versions – NOT Impacted

Ava Cloud: NOT Impacted

Exacq

Video Management System

Not Impacted

500 | Johnson Controls

Hanwah/Samsung

Cameras and Video Management System

Not Impacted

https://shorturl.at/sIWUh

Openpath

Cloud-Based Door Access System

Not Impacted

https://shorturl.at/GzKlR

Brivo

Cloud-Based Door Access System

Not Impacted

Statement from Brivo

Brivo does not utilize Log4j for logging within our applications. Brivo’s engineering and
Cybersecurity teams are currently analyzing all 3rd party integrations and external
dependencies with other systems to ensure that this vulnerability is not present anywhere
Within the larger Brivo ecosystem.

EagleEye

Cloud-Based Video Management System

Fixes are being delivered automatically:

Log4j Security Update

AiPhone

Not Impacted

Ubiquiti

Point-to-Point Wireless Network and Wireless Access Points

Impacted Systems

  • Ubiquiti Network Control

Resolution

Update the UniFi Network application to Version 6.5.54 or later.

Security Advisory Bulletin 023 | Ubiquiti Community

Bosch

Under Review

Bosch will release updates here:

Security Advisories | KEENFINITY I Global

Interlogix TruPortal

Under Review





Trendy