Publication Date: 12/15/21
Last Updated: 01/05/22
Abbott is aware of the recently discovered remote code execution vulnerability impacting Apache Log4j, a logging tool commonly used in Java-based software applications.
Our cybersecurity team is actively evaluating our products, systems, and applications to determine if there is any potential impact from this vulnerability and taking steps to mitigate any possible exposure.
Most Abbott products are unaffected by this advisory. For those products that do use the impacted versions of Apache Log4j, Abbott has reviewed the level of potential impact on product performance and safety as a result of this vulnerability.
Abbott is providing the list below to assist customers in identifying Abbott products that use the impacted versions of Apache Log4j. The list below is subject to change based on updated information related to impacted components and additional product evaluation.
GLP Track System
An impacted version of Log4j is in use on the Track Sample Manager (TSM) and Track Workflow Manager (TWM) communication interfaces.
No exploits of the Log4j vulnerability in GLP Track Systems have occurred to date. The ability to exploit the vulnerability is limited due to the specific content and message rules required by these systems.
Additionally, the presence of a firewall between the track and the network provides additional protection by preventing the vulnerability from being exploited over the network.
Customers that have not implemented a firewall between the GLP Track System and the network should implement a firewall or contact their assigned account representative for assistance.
Abbott will provide a fix for this in a future update expected in January 2022.
Customers interested in additional information regarding patches, procedures or configuration changes on any Abbott products should contact their Abbott assigned account or customer support representative.
Abbott is committed to ensuring the safety and security our products. For more information on Abbott’s product cybersecurity program here.
Please be aware that the website you have requested is intended for the residents of a particular country or region, as noted on that site. As a result, the site may contain information on pharmaceuticals, medical devices and other products or uses of those products that are not approved in other countries or regions.
The website you have requested also may not be optimized for your specific screen size.
Links which take you out of Abbott worldwide websites are not under the control of Abbott, and Abbott is not responsible for the contents of any such site or any further links from such site. Abbott is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of the linked site by Abbott.
The website that you have requested also may not be optimized for your screen size.