Many are wondering if their building management system is vulnerable to the Apache Log4j. The technical team at MACC is staying at the forefront of this issue, and we'll provide more information as it becomes available.
In the meantime, there is a lot of mixed information flying around related to this, so we wanted to educate our clients and associates about the impact this will have on Tridium systems, which the majority of our customers use. Below is the information Tridium has provided related to how the Apache Log4j2:
Niagara Framework is Not Exposed to the Apache Log4j Vulnerability
The Niagara Framework and Niagara Enterprise Security have been evaluated for the Apache Log4j2 Vulnerability, see the CISA Alert. All supported versions of the Niagara Framework® and Niagara Enterprise Security are unaffected by this vulnerability. To ensure the security robustness of their assets, customers should immediately investigate whether any modules developed by external or third-party vendors are installed in their stations. If so, please contact those organizations to see if those modules are affected, and develop a remediation plan if necessary.
Cybersecurity is a priority at Tridium. We are dedicated to continuously improving the security of our products, and we will continue to update you as we release new security features, enhancements, and updates.
DISCLAIMERS
- CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
- YOUR USE OF THE INFORMATION IN THIS DOCUMENT OR MATERIALS LINKED FROM THIS DOCUMENT IS AT YOUR OWN RISK.
- TRIDIUM RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME AND WITHOUT NOTICE.
- IN NO EVENT WILL TRIDIUM BE LIABLE TO ANYONE FOR ANY DIRECT, INDIRECT. SPECIAL, OR CONSEQUENTIAL DAMAGES.
Source: https://www.tridium.com/us/en/Products/niagara