
Security Advisory for Log4Shell (CVE-2021-44228)

Published: 

Overview

On or about December 10, 2021, a vulnerability was disclosed in the Apache Log4J software, which is a common logging system used by many applications built on Java. The vulnerability is commonly known as “Log4Shell.” More information on this vulnerability is available at https://logging.apache.org/log4j/2.x/security.html.

Leica Biosystems is evaluating our products to determine whether they are impacted by this vulnerability.

 

Product Status

| Product | Status regarding Log4Shell | Description |
| --- | --- | --- |
| Aperio AT2 | Not Vulnerable | Log4J is not used. |
| Aperio AT2 DX | Not Vulnerable | Log4J is not used. |
| Aperio CS2 | Not Vulnerable | Log4J is not used. |
| Aperio eSlide Manager | Not Vulnerable | Log4J is not used. |
| Aperio GT 450 | Not Vulnerable | Log4J is not used. |
| Aperio GT 450 DX | Not Vulnerable | Log4J is not used. |
| Aperio ImageScope | Not Vulnerable | Log4J is not used. |
| Aperio ImageScope DX | Not Vulnerable | Log4J is not used. |
| Aperio LV1 | Not Vulnerable | Log4J is not used. |
| Aperio SAM DX Server For GT 450 DX | Not Vulnerable | Uses Mirth Connect. Mirth Connect uses Log4J version 1.2.16. Apache has confirmed that Log4J versions 1.x are not impacted by CVE-2021-44228. Refer to https://logging.apache.org/log4j/2.x/security.html |
| Aperio Scanner Administration Manager (SAM) Server for GT 450 | Not Vulnerable | Uses Mirth Connect. Mirth Connect uses Log4J version 1.2.16. Apache has confirmed that Log4J versions 1.x are not impacted by CVE-2021-44228. Refer to https://logging.apache.org/log4j/2.x/security.html |
| Aperio VERSA | Not Vulnerable | Log4J is not used. |
| Aperio WebViewer DX | Not Vulnerable | Log4J is not used. |
| BOND-ADVANCE | Not Vulnerable | Log4J is not used. |
| BOND Controller | Not Vulnerable | Log4J is not used. |
| BOND-III | Not Vulnerable | Log4J is not used. |
| BOND-MAX | Not Vulnerable | Log4J is not used. |
| BOND RX | Not Vulnerable | Log4J is not used. |
| BOND RXm | Not Vulnerable | Log4J is not used. |
| CEREBRO | Not Vulnerable | Uses Mirth Connect. Mirth Connect uses Log4J version 1.2.16. Apache has confirmed that Log4J versions 1.x are not impacted by CVE-2021-44228. Refer to https://logging.apache.org/log4j/2.x/security.html |
| CytoVision | Not Vulnerable | Log4J is not used. |
| HistoCore PEARL | Not Vulnerable | Log4J is not used. |
| HistoCore PEGASUS | Not Vulnerable | Log4J is not used. |
| HistoCore SPECTRA CV | Not Vulnerable | Log4J is not used. |
| HistoCore SPECTRA ST | Not Vulnerable | Log4J is not used. |
| HistoCore SPIRIT ST | Not Vulnerable | Log4J is not used. |
| HistoCore SPRING ST | Not Vulnerable | Log4J is not used. |
| Leica ASP300S | Not Vulnerable | Log4J is not used. |
| Leica CV5030 | Not Vulnerable | Log4J is not used. |
| Leica ST4020 | Not Vulnerable | Log4J is not used. |
| Leica ST5010 | Not Vulnerable | Log4J is not used. |
| Leica ST5020 | Not Vulnerable | Log4J is not used. |
| Leica TP1020 | Not Vulnerable | Log4J is not used. |
| LIS Connect | Not Vulnerable | Uses Mirth Connect. Mirth Connect uses Log4J version 1.2.16. Apache has confirmed that Log4J versions 1.x are not impacted by CVE-2021-44228. Refer to https://logging.apache.org/log4j/2.x/security.html |
| PathDX | Not Vulnerable | Log4J is not used. |
| ThermoBrite Elite | Not Vulnerable | Log4J is not used. |

 

What Customers Should Do?

Customers are encouraged to follow updates on the Apache website at https://logging.apache.org/log4j/2.x/security.html and to continue monitoring this notice for further updates as they become available.

In addition, Mirth Connect is a product of NextGen; customers can inquire directly with NextGen.

As always, Leica Biosystems strongly recommends that all customers protect network access to devices with appropriate safeguards.

Leica Biosystems will continue to seek and monitor additional information related to this vulnerability. Customers are advised to monitor this site for updates.

 

Obtaining Support on this Issue

If you require further clarification on this issue, please contact Leica Biosystems Support. Contact details for support are available at https://www.leicabiosystems.com/contact-us/contact-us-online/.

 

Reporting Security Vulnerabilities to Leica Biosystems

Leica Biosystems welcomes input regarding the security of its products and considers potential vulnerabilities seriously. For details on our vulnerability response process and guidance on how to report security-related issues to Leica Biosystems, please see the following website: https://www.leicabiosystems.com/about/product-security/#reportasecurityvulnerability

 

Disclaimer

The information on this site is based on information Leica Biosystems has been able to gather as of the date of this update. The information is intended to help customers address the situation described herein. Leica Biosystems evaluates risk based on common use of our devices or systems, and our evaluation may not represent the actual risk to your local installation and individual environment. It is recommended that all users determine the applicability of this information to their individual environments and take appropriate actions.

This information is provided "as is" and does not offer or imply any kind of guarantee or warranty. Leica Biosystems expressly disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Leica Biosystems or its affiliates be liable for any damages whatsoever arising from or related to the information contained herein or actions that you decide to take based thereon, including any direct, indirect, incidental, consequential, loss of business profits or special damages, even if Leica Biosystems or its affiliates have been advised of the possibility of such damages.

Your use of the information in this document is at your own risk. Leica Biosystems reserves the right to change or update this document at any time.

We appreciate your support during this process.

Kind Regards,

Brad Hawkes CISSP, CSSLP | Principal Product Cyber Security Leader | Leica Biosystems