We are hiring! See our vacancies
15-12-2021
2 min. read
Dylan Eikelenboom
Last update: 16-12-2021

Critical vulnerability in Log4j found, IXON not affected

A security vulnerability in Apache Log4j was announced on Github on December 9th with the highest severity score of 10. Since it’s a widely used tool to log information within Java applications, it’s expected that the vulnerability will be extensively exploited.

IXON, as a key partner in cybersecurity for machines and manufacturing plans worldwide, consequently performed a thorough vulnerability assessment of its systems. The detailed analysis by IXON’s security team found that the IXON products and platform are not vulnerable.

IXON Security Officer Dylan Eikelenboom made the following statement: “Last week various publications disclosed a new vulnerability, called Log4Shell, which affects the Apache Log4j-tool. This vulnerability can be exploited to inject ransomware into the systems and software affected. The IXON Cloud, IXrouter and any other systems we employ do not use this software and are therefore not vulnerable.”

Tips to keep all your systems and applications secure

The Log4j vulnerability occurs if:
- The server is directly accessible via the internet
- The server is running a Java application accessible via the internet
- The Log4j V2 module is enabled

What can you do to mitigate the issue? Get in touch with the supplier or admin of any servers/applications used in your organisation to inform about the vulnerability. If you do run the risk of exploitation, update to Apache Log4j 2 version 2.15.0 as soon as possible.

Additional sources of information regarding the vulnerability:

To read more about how IXON keeps its products and systems secure, download our security whitepaper.