Hi,

Are Dataton products affected by the Spring vulnerabilities (CVE-2022-22963 and CVE-2022-22965)?

Spring Cloud Function: https://spring.io/blog/2022/03/29/cve-report-published-for-spring-cloud-function
Spring Framework and Boot: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

I guess that WATCHNET might be the only one that might be affected, since it's Java based.

Looking forward to a quick and complete answer. 😉

-- Andreas Lindemark
Hi,

The following information concerns the newly discovered Log4j security issue which has already generated some questions from users. Here is a summary of the situation with regard to Dataton products:

WATCHOUT version 6, all versions
There is no part of the Apache-libraries, containing the Log4j function, included in any version of the WATCHOUT source code. This goes for the production software, the display software and the dynamic image server. So, there is no reason for doing any updates or special security actions regarding the Log4j security issue.

WATCHPAX
As a result of the above, display servers manufactured by Dataton (WATCHPAX series) do not have any heightened risk of being hacked due to the Log4j security issue.

WATCHMAX
WATCHMAX servers in their original state as shipped from Dataton (ie, that have not been re-configured or had any additional software added) should not be affected by this security threat.

Custom-built servers
For custom-built servers running WATCHOUT, you need to check with the manufacturer of the server to see if any additional software installed on these servers may contain the Apache-libraries, containing the Log4j. If this is the case, it is up to the server manufacturer to resolve the issue.

WATCHNET
WATCHNET is Java-based and WATCHNET does have the Apache-libraries, containing the Log4j function, included in the code library. However, the version of the Log4j module is quite old, version log4j-1-2-17, and according to several sources it is only Log4j version 2.0 to 2.14.1 that is affected by this security threat. Some sources mention that there is an elevated risk, albeit low, that Log4j versions pre-2.0 can be affected. However, this does not apply to WATCHNET as the source code is encrypted.

As always, Dataton strongly recommend that any system using WATCHNET or WATCHOUT should be used on an isolated network environment (not just because of this specific threat). If this is not possible a robust and freshly updated firewall should always be between the internal network and the rest of the world.

Mikael J. Ena
Senior Product Specialist
Dataton AB
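An added example (not part of the original posts and not Dataton code): one way to carry out the check suggested for custom-built servers, listing every Log4j copy under a directory, including jars nested inside other archives, and comparing each version with the 2.0 to 2.14.1 range quoted in the post. The function names, the reliance on Maven `pom.properties` metadata to read the version, and the sample archives constructed in `demo()` are assumptions made for illustration.

```python
import io, re, tempfile, zipfile
from pathlib import Path

AFFECTED_MAX = (2, 14, 1)  # the post gives 2.0 to 2.14.1 as the affected range
ARCHIVES = (".jar", ".war", ".ear")
# Assumption: version is read from the Maven metadata that Log4j 1.x and 2.x jars normally carry
POM_RE = re.compile(r"META-INF/maven/(?:log4j/log4j|org\.apache\.logging\.log4j/log4j-core)/pom\.properties$")

def classify(version):
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        return "unknown"
    v = tuple(int(g or 0) for g in m.groups())
    if v < (2, 0, 0):
        return "pre-2.0"
    return "in affected range" if v <= AFFECTED_MAX else "above affected range"

def scan_archive(source, label):  # yields (location, version), descending into nested archives
    try:
        zf = zipfile.ZipFile(source)
    except (zipfile.BadZipFile, OSError):
        return  # unreadable or not really an archive: skip it
    with zf:
        for name in zf.namelist():
            if POM_RE.search(name):
                m = re.search(r"^version=(.+)$", zf.read(name).decode("utf-8", "replace"), re.M)
                if m:
                    yield label, m.group(1).strip()
            elif name.lower().endswith(ARCHIVES):
                yield from scan_archive(io.BytesIO(zf.read(name)), f"{label}!{name}")

def scan_tree(root):  # returns sorted (location, version, verdict) rows for everything under root
    found = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVES:
            rel = path.relative_to(root).as_posix()
            found += [(loc, ver, classify(ver)) for loc, ver in scan_archive(path, rel)]
    return sorted(found)

def demo():  # constructed sample tree: a 1.x jar, a 2.x core jar, and a WAR that bundles the core jar
    pom = "META-INF/maven/%s/pom.properties"
    with tempfile.TemporaryDirectory() as d:
        with zipfile.ZipFile(Path(d, "log4j-1.2.17.jar"), "w") as z:
            z.writestr(pom % "log4j/log4j", "version=1.2.17\n")
        with zipfile.ZipFile(Path(d, "log4j-core.jar"), "w") as z:
            z.writestr(pom % "org.apache.logging.log4j/log4j-core", "version=2.14.1\n")
        with zipfile.ZipFile(Path(d, "app.war"), "w") as z:
            z.write(Path(d, "log4j-core.jar"), "WEB-INF/lib/log4j-core.jar")
        return scan_tree(d)
```

A jar that has been repackaged without its `pom.properties` is not reported by this sketch, so an empty result is not proof that Log4j is absent.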