Which products are affected, and how to update your affected systems
Opto 22 engineers have addressed the Log4Shell/Log4j vulnerability recently reported in news media this week. Firmware and software updates for affected products are now available. Opto 22 urges you to apply these updates immediately, regardless of whether you're using groov View.
The Log4j vulnerability affects all products running groov View software, including:
- GRV-EPIC-PR1, GRV-EPIC-PR2
- GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP
- GROOV-AT1, GROOV-AT1-SNAP
- GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP
Please see this Opto KB Article (KB90085) for more details.
Please note that the following Opto 22 products are NOT affected:
- groov RIO (GRV-R7-MM1001-10 and GRV-R7-MM2001-10)
- SNAP I/O brains, SNAP PAC controllers, and the PAC Project software suite
- Legacy products including mistic, Optomux, FactoryFloor, and others
How to obtain updated firmware & software
For all groov EPIC users (GRV-EPIC-PR1, GRV-EPIC-PR2), please reference the groov EPIC Firmware Readme for complete details. Log in to your MyOpto account or visit manage.groov.com to download your free version 3.3.2 upgrade today.
For groov Server for Windows (GROOV-SVR-WIN) or groov Edge Appliance (GROOV-AT1, GROOV-AR1) users, visit manage.groov.com to get your update.
NOTE: You must have current maintenance to update these products. If your maintenance has expired, you can order a groov Maintenance 10-Year from our website, and we will waive any charges. Contact PCS@opto22.com for more information.
Please see the groov View Readme for complete groov View R4.3g release details.
More information about Log4Shell/Log4j
On December 9th, 2021, a new vulnerability was reported (CVE-2021-44228) against a common Java logging library, “log4j”. This vulnerability makes affected systems susceptible to having remote attackers be able to run malicious programs on said systems. This is also known as an RCE, or Remote Code Execution attack.
More detailed information about this vulnerability can be found at NIST.gov here:
If you have any questions about updating your affected products, please reach out to us. We're eager to help.