OptoBlog

Important information about Log4Shell/Log4j (CVE-2021-44228)

Posted by Janice Colmer on Dec 16, 2021 7:20:12 AM

Which products are affected, and how to update your affected systems

Opto 22 engineers have addressed the Log4Shell/Log4j vulnerability reported in news media this week. Firmware and software updates for affected products are now available. Opto 22 urges you to apply these updates immediately, regardless of whether you're using groov View.

The Log4j vulnerability affects all products running groov View software, including: 

  • GRV-EPIC-PR1, GRV-EPIC-PR2
  • GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP
  • GROOV-AT1, GROOV-AT1-SNAP
  • GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP

Please see this Opto KB Article (KB90085) for more details.

Please note that the following Opto 22 products are NOT affected:

  • groov RIO (GRV-R7-MM1001-10 and GRV-R7-MM2001-10)
  • SNAP I/O brains, SNAP PAC controllers, and the PAC Project software suite
  • Legacy products including mistic, Optomux, FactoryFloor, and others 


How to obtain updated firmware & software

For all groov EPIC users (GRV-EPIC-PR1, GRV-EPIC-PR2), please reference the groov EPIC Firmware Readme for complete details. Log in to your MyOpto account or visit manage.groov.com to download your free version 3.3.2 upgrade today.

UPDATE TO FIRMWARE 3.3.2

For groov Server for Windows (GROOV-SVR-WIN) or groov Edge Appliance (GROOV-AT1, GROOV-AR1) users, visit manage.groov.com to get your update.

groov Edge Appliance and groov Server for Windows

NOTE: You must have current maintenance to update these products. If your maintenance has expired, you can order a groov Maintenance 10-Year from our website, and we will waive any charges. Contact PCS@opto22.com for more information.

GET GROOV VIEW 4.3g

Please see the groov View Readme for complete groov View R4.3g release details.

More information about Log4Shell/Log4j

On December 9th, 2021, a new vulnerability (CVE-2021-44228) was reported against a common Java logging library, “log4j”. This vulnerability allows remote attackers to run malicious programs on affected systems. This kind of attack is known as Remote Code Execution, or RCE.

More detailed information about this vulnerability can be found at NIST.gov here:
https://nvd.nist.gov/vuln/detail/CVE-2021-44228

If you have any questions about updating your affected products, please reach out to us. We're eager to help.

Topics: Updates, Firmware, groov server for windows, groov View, groov EPIC, Log4Shell, Log4j

Written by Janice Colmer

Janice has worked at Opto 22 for nearly 20 years and is part of the marketing team that strives to share new and relevant content with the automation industry. She enjoys books, camping, country music, and spending time with family and friends.