Code Base for All Products Evaluated and Cleared of Log4J Security Threat
Control Station today announced that its portfolio of process diagnostic and optimization solutions are not affected by the Log4J security threat. Log4J is a widely used Java based logging utility which presents a significant vulnerability to industrial control systems and other web-based solutions if left unaddressed. Control Station’s customers were notified that this threat does not apply to the company’s solutions.
“Cyber security is a major challenge facing manufacturers worldwide and the Log4J threat serves as a reminder of the importance of keeping software toolkits up to date,” commented Dr. Bob Rice, Control Station’s Vice President of Engineering. “From development and testing practices to documentation and external communications, Control Station is committed to proactively addressing security concerns and to providing products that are safe to use.”
Sources suggest that the Log4J security vulnerability was first identified by the Chinese tech firm Alibaba with initial exploits reported by the Computer Emergency Response Team on December 1st. The vulnerability is limited to software that utilizes the Java-based Log4J logging utility that writes debugging information to a log file. Using the Java Naming Directory Interface and Lightweight Directory Access Protocol, hackers can modify logging parameters in the Log4J configuration file and thereby control the location and details reported in the log files. With control of the log files, hackers can then seize access to any connected computer servers and compromise an organization’s computer network. The Department of Homeland Security has urged all government and private-sector organizations to immediately address the Log4J vulnerability.
“Control Station’s products do not utilize Java and our software products are not at risk of exploitation from the Log4J vulnerability,” stated Brett Beauregard, the company’s Director of Product Development. “As with all cyber security threats, a thorough assessment of our code base was conducted to assure the integrity of our software solutions and to identify any risks that would jeopardize customers.”
Control Station’s PlantESP and LOOP-PRO product portfolios were developed using the .NET Framework and utilize the Log4Net logging utility. The .NET Framework has been the company’s preferred software development environment with all products fully migrated to the Microsoft environment as of 2008. Programs written for the .NET Framework leverage the Common Language Runtime for execution which provides enhanced security features associated with code signing and access.
Control Station’s process diagnostic and optimization software solutions have been deployed in support of production facilities located in over 70 countries. PlantESP is a leading control loop performance monitoring solution that proactively identifies issues that negatively affect production efficiency and throughput. LOOP-PRO is an award-winning process modeling and PID controller tuning solution that simplifies control loop optimization. The company is proud to support one-half of industrial manufacturers listed in the Fortune 500.