Statement on vulnerabilities in Apache Log4j: OMRON Industrial Automation products are not affected
The Apache Software Foundation has published information about a vulnerability in the Java logging framework log4j. This allows an attacker to execute arbitrary code loaded from LDAP or JNDI related endpoints that are under control of the attacker. Additionally, a further vulnerability might allow an attacker to cause a denial of service by sending a crafted string to the framework.
OMRON Industrial Automation Business (IAB) group has completed the investigation into whether our products would be affected by Apache Log4j*.
We have confirmed that vulnerabilities caused by Apache Log4j do not affect OMRON products distributed in the market. We strive to continuously improve cybersecurity and will respond to any vulnerabilities in our products and solutions. If you have any questions or concerns, please don’t hesitate to contact your local OMRON office.
*Apache Log4j is the open-source Java logging library provided by Apache Software Foundation.