Pilz Hardware And Software Not Affected By “Log4Shell” Vulnerability In Software Library Log4j

December 17, 2021

 

Dear Madam or Sir,

 

On December 10th, 2021, the BSI (the German Federal Office for Information Security) published a cyber security alert on the so-called “Log4Shell” vulnerability in the software library Log4j. Log4j is used in many Java applications.

From the BSI alert:

“An IT security vendor blog [LUN2021] reports on vulnerability CVE-2021-44228 [MIT2021] in log4j versions 2.0 through 2.14.1, which may allow attackers to execute their own program code on the target system and thus compromise the server.”

 

Further information is available at:

 

Pilz’s analysis revealed the following:

  • ••Pilz hardware components do not use Java and thus no log4j. Therefore, these components are not affected.
  • ••Pilz Software products partially use log4j versions 2.0 to 2.14.1 (current vulnerability CVE-2021-44228). Analyses to date have shown that it is highly unlikely that the vulnerability can be exploited. If, contrary to expectations, there is a risk, we will publish a security advisory.
  • ••In some Pilz Software products, log4j version 1.2.x is used. The exploitation of the vulnerability in this version (CVE 2021-4104) requires, among other things, a specific configuration. However, this configuration is not used in Pilz Software products.

 

We hope this information is helpful to you. If you have any further questions, please contact our technical support:support@pilz.com.

With best regards

Pilz GmbH & Co. KG

 

Source

 

Related Articles

Editor’s Pick: Featured Article

Weidmüller’s u-control 2000: The Automation Controller

Weidmüller’s u-control 2000: The Automation Controller

Weidmüller’s scalable engineering software, u-control 2000, adapts individually to your requirements. And, the u-control is powerful, compact and fully compatible with Weidmüller’s I/O system u-remote. This article looks at what makes u-control the heart of your automation.

Programmable logic controllers (PLCs) are one of the main components of any automated system. A typical control system has inputs, outputs, controllers (i.e., PLCs), and some type of human interaction with the system, a human machine interface (HMI), for example.

Read More

Latest Articles

  • Labeling Cables and Wires

    February 3, 2026 Choosing the right wire marker or cable label Cable and wire labeling is critical in the identification, assembly, and repair of electrical control panels, wire harnesses, and data/telecommunications systems. It is an upfront cost that saves time and labor expenses when changes or repairs need to occur to the systems you work Read More…

  • ITC 101: Understanding NEMA Ratings for Electrical Enclosures

    February 3, 2026 Understanding NEMA Ratings for Electrical Enclosures NEMA Ratings are an essential classification system used across North America to define the environmental and mechanical protection provided by electrical enclosures. Developed by the National Electrical Manufacturers Association (NEMA), these ratings help engineers, installers, and specifiers identify the appropriate enclosure type for industrial, commercial, and outdoor Read More…