On Dec. 10, 2021, a zero-day vulnerability known as Log4Shell was detected in the widely used Java library Log4j. As a result, the German Federal Office for Information Security (BSI) declared its highest warning level, red.

Since then, we have received numerous calls and support emails asking whether our software is vulnerable. We take these inquiries seriously and checked our own software as soon as the vulnerability was published. Neither the current version, Multieye 3, nor its predecessor 2.5.8, replaced in 2018, is vulnerable to a Log4Shell attack. The Java library Log4j is not part of these Multieye software packages. An emergency patch is therefore not required, even if the system is not running the latest Multieye version.
On our recorders (Molbil systems and servers), artec does not pre-install any third-party software that contains a Java library vulnerable to Log4Shell.

However, as a precaution, we would like to point out that the respective IT service providers should check whether they have installed additional third-party software alongside a Multieye installation that is not provided by artec and could be vulnerable to attack. In particular, the in-house distribution path for software packages should be examined more closely, because Apache may be used there, in a version vulnerable to Log4Shell, to distribute update packages within the end customer's company independently of our official update server.

Disclaimer

artec technologies AG published this content on 17 December 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 17 December 2021 18:58:10 UTC.