Log4j vulnerability also threatens occupational safety
The Log4Shell vulnerability is still rated as particularly critical because the Java vulnerability also allows attacks on industrial controllers.
The security gap Log4shell in the Java library is not only an IT vulnerability, but also has an impact on machine controls. This can be a threat to many employees who work with networked machines and controls. The Institute for Occupational Safety and Health of the German Social Accident Insurance (IFA) also warns of this. The statement is still relevant, however, as the vulnerability will continue to preoccupy the entire industry for some time to come.
What many people don't know is that "the security vulnerability enables attacks on industrial control systems and thus poses a direct threat to the safety and health of industrial workers," Jonas Stein, a security expert at the IFA and head of the German Social Accident Insurance's Security Working Group, was quoted as saying.
All operators and manufacturers of machines are urgently advised to check their systems and clarify whether the systems could be affected. Affected parties should take the necessary security precautions of the BSI (in Switzerland of the NCSC) note. Also the IFA has since a FAQ list put online. It can also be assumed, for example, that many control panels and remote maintenance systems for machines could also be affected.
Source: DGUV
