PRODUCT SECURITY BULLETIN: APACHE LOG4J

Publication Date: 12/15/21
Last Updated: 01/05/22

Abbott is aware of the recently discovered remote code execution vulnerability impacting Apache Log4j, a logging tool commonly used in Java-based software applications.

Our cybersecurity team is actively evaluating our products, systems, and applications to determine if there is any potential impact from this vulnerability and taking steps to mitigate any possible exposure.

Most Abbott products are unaffected by this advisory. For those products that do use the impacted versions of Apache Log4j, Abbott has reviewed the level of potential impact on product performance and safety as a result of this vulnerability.

Affected Products

Abbott is providing the list below to assist customers in identifying Abbott products that use the impacted versions of Apache Log4j. The list below is subject to change based on updated information related to impacted components and additional product evaluation.

Product

Status

Remediation

GLP Track System

An impacted version of Log4j is in use on the Track Sample Manager (TSM) and Track Workflow Manager (TWM) communication interfaces. 

 

No exploits of the Log4j vulnerability in GLP Track Systems have occurred to date.  The ability to exploit the vulnerability is limited due to the specific content and message rules required by these systems.

 

Additionally, the presence of a firewall between the track and the network provides additional protection by preventing the vulnerability from being exploited over the network.  

 

 

Customers that have not implemented a firewall between the GLP Track System and the network should implement a firewall or contact their assigned account representative for assistance. 

 

Abbott will provide a fix for this in a future update expected in January 2022.

Additional Information

Customers interested in additional information regarding patches, procedures or configuration changes on any Abbott products should contact their Abbott assigned account or customer support representative.

Abbott is committed to ensuring the safety and security our products. For more information on Abbott’s product cybersecurity program here.