
Apache Log4j Notices

Abbott bioMérieux Edwards Lifesciences Leica Biosystems Siemens
Accuray Boston Scientific Elekta Medtronic Steris
B. Braun Canon Fisher & Paykel Healthcare Philips Thermo Fisher Scientific
Baxter Carestream GE Healthcare Radiometer Varian
BD Cepheid Hologic ResMed Vyaire Medical
Beckman (DX, LS) Cydar Medical       

 

 


Abbott

Abbott is aware of the recently discovered remote code execution vulnerability impacting Apache Log4j, a logging tool commonly used in Java-based software applications.

Our cybersecurity team is actively evaluating our products, systems and applications to determine if there is any potential impact from this vulnerability and taking steps to mitigate any possible exposure.

Based on our analysis to date, none of our products are currently vulnerable. However, we will continue to analyze and monitor all available information and provide updates to our customers if needed.

Site Link

Accuray

As part of our product security program, Accuray Incorporated has assessed Accuray products for potential risk against the security advisory for the following CVE-2021-44228 “Log4J Vulnerability”. For a detailed description of this vulnerability, please review the information provided by NVD.

Site Link

For any questions, please contact your Accuray Service representative.

 

B. Braun

B. Braun’s first analysis determined that NONE of our software products are affected.

Site Link

Baxter

Please note that the Apache Log4j vulnerability is not a Baxter-specific vulnerability. As part of the company’s product security policy and protocols, Baxter’s team is evaluating Baxter’s Java-based products and solutions for potential impacts from this reported vulnerability and evaluating further possible actions as needed. Baxter will continue to monitor all available information and we will provide an update to this bulletin if necessary.

Site Link

BD

BD is aware of an additional CVE-2021-45046 which was added to the Apache Log4j vulnerability. This bulletin is inclusive of both CVEs.

BD has assessed the software-enabled products and hosted offerings found at the URL listed and determined they are not impacted by this vulnerability. However, BD products may contain or be used in association with third-party components, and we are still assessing those components across all versions of BD software-enabled products. As needed, BD will publish third-party bulletins and link to them from this page.

 

Site Link

Beckman Coulter

Beckman Coulter is currently evaluating the security risk of our product portfolio that may potentially be affected by this vulnerability.

 

Site Link

bioMérieux

bioMérieux is aware of and currently monitoring vulnerabilities in Apache Log4j. These vulnerabilities potentially allow for unauthenticated remote code execution. Log4j is an open source Java logging library developed by the Apache Foundation, widely used in many applications and present, as a dependency, in many services. bioMérieux is currently investigating to determine whether any products, including in its BioFire franchise, are affected and will regularly update this advisory as more information becomes available.

Site Link

Boston Scientific

We have confirmed the following products do not use Apache Log4j and are not affected by the CVE-2021-44228 Log4j vulnerability:
• LABSYSTEM™ Pro EP Recording System
• RHYTHMIA HDx™ Mapping System
• SMARTFREEZE™ Cryoablation system

Site Link

Boston Scientific has reviewed the CVE-2021-44228 for the LATITUDE™ product group. See link for LATITUDE™ for the outcome of that investigation:

for LATITUDE™: Latitude Link

Canon

The following Canon Medical Systems Corporation products are not using Apache Log4j.

• CT Medical Imaging Products
• MR Medical Imaging Products
• UL Medical Imaging Products
• XR Medical Imaging Products
• NM Medical Imaging Products

Canon Medical Products under investigation:

• Vitrea Advanced 7.x
• Infinix-i (Angio Workstation)
• Alphenix (Angio Workstation)

Canon Medical Systems Corporation is currently investigating whether there is any impact. If any impact is found, customers will be informed immediately.

Site Link

Carestream

No Carestream products are impacted by this vulnerability.

Site Link

Cepheid

Cepheid’s research and development teams are aware of this identified vulnerability and are assessing the impact to affected products. Cepheid has confirmed that C360 is not impacted. GeneXpert products are currently being assessed for impact. Cepheid has not received any reports of this vulnerability affecting the clinical use of our products and is closely monitoring for any further developments.

Site Link

Cydar Medical

As part of our ongoing security measures, Cydar immediately investigated the vulnerability and initiated a response. We quickly established that the core Cydar EV system was not affected. On a wider review, we identified a small number of internal non-production systems using third party software that are affected. These systems are not publicly accessible, and so not at high risk of exploitation. We have applied the recommended mitigations and restricted the outgoing traffic from the hosts in question as an additional precaution.

This vulnerability is both serious and widespread, and the effects are likely to be felt globally for a long time to come. We are confident that we have addressed any potential issue with respect to our systems, but we will of course continue to monitor developments and take any further action necessary.

 

Site Link

Edwards Lifesciences

At this time, Edwards’ devices on market are not impacted by the Log4j vulnerability. Edwards will continue to monitor the situation and provide customers with updates, as appropriate.

Site Link

Elekta

“Elekta has published security advisories on the response to CVE-2021-44228 Log4j vulnerability. Advisories are posted on the Elekta Care Community portal under Technical Documentation/Security Advisory.”

Site Link
