Over the weekend, a high severity security vulnerability in the Java-based log4j logging framework (CVE-2021-44228) was reported and is being actively exploited. This exploit is also known as “log4shell” and provides a vector for remote code execution.
Security is a top priority at MPS Monitor, so we have been actively reviewing our infrastructure to assess our exposure to this vulnerability and to ensure we continue to maintain a secure environment for you and your customers.
As a result of this full and extensive assessment, we can state that MPS Monitor does not suffer of any risk coming from this vulnerability.
More in details:
- All our Cloud and server-side services are .NET-based. We do not use log4j and therefore no server system, process or service is affected.
- The MPS Monitor Windows DCA is .NET-based, and does not use Java in any part of its code base. Log4j is not present at all in the Windows DCA software package.
- On some versions of the Embedded DCAs, we use Java and Log4J. The Embedded DCA versions using Java are:
- Samsung Embedded DCA
- Kyocera Embedded DCA
On those applications, we have checked extensively and we can confirm that the Log4J version we use is not among those affected by the vulnerability.
We have also checked that the classes and functions that can be exploited by the vulnerability are not present in any of the Embedded versions currently distributed nor in previous versions.
- For HP customers using MPS Monitor with HP Smart Device Services, and for HP SDS Action Center customers, Java and Log4j are not used in JAMC nor in any other SDS component.
So we can officially state that CVE-2021-44428 does not affect in any way the security of the MPS Monitor system. There is no action needed from you nor from us because of this vulnerability.
If you are using MPS Monitor to manage your customer’s printing devices, you can forward this message to them and give them full peace of mind on the level of security that your remote management system provides.
If you wish to know more about MPS Monitor’s overall security posture, please read the Keypoint Intelligence MPS Platform Security White Paper: https://www.mpsmonitor.com/docs/MPSMonitor_PlatformSecurity.pdf