Log4j security gap also endangers occupational safety
16.12.2021
Log4j security gap also endangers occupational safety
IFA publishes FAQs for machine manufacturers and operators
The Log4shell security lack (CVE-2021-44228) in the Java library log4j is also a threat to many employees who work with networked machines and controls. The Institute for Occupational Safety and Health of the German Social Accident Insurance (IFA) warns of this and publishes handouts for protection against dangerous consequences of the security vulnerability in an industrial context at www.dguv.de/ifa/security.
The German Federal Office for Information Security (BSI) is currently warning against attacks on IT systems due to the critical security vulnerability Log4shell.
What many people don't know: "The vulnerability enables attacks on industrial control systems and is thus a direct threat to the safety and health of employees in industry," says Jonas Stein, security expert at the IFA and head of the Security working group of the German Social Accident Insurance.
Stein: "We urgently advise everyone who operates and manufactures machines to check their systems and clarify whether they are affected. Those affected should follow the security recommendations of the BSI and manufacturers as soon as possible, many of which have already been published online. The IFA has compiled comprehensive information on how to deal with the problem in an online FAQ list.
It can be assumed that many control panels and remote maintenance systems for machines are affected.