Apache Log4j critical vulnerability (CVE-2021-44228 & CVE-2021-45046)

Background

On December 10, 2021 a critical vulnerability (CVE-2021-44228) was reported in Apache Log4j, a very popular Java logging package. The vulnerability is impacting multiple versions of the Apache Log4j utility and the applications that use it. The vulnerability allows for unauthenticated remote code execution as the user running the application that utilizes the library.

A second low severity vulnerability has since been discovered (CVE-2021-45046). It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. Log4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.

For further information on these specific vulnerabilities, please refer to the links below:

Response

Beckman Coulter Life Sciences is continuing to monitor and evaluate its product portfolio.

Updates will be posted to https://www.beckman.com/support/customer-relations as additional information becomes available.

For further information regarding evaluated products (including mitigations and patching), please see the table below. Any product not on this list is not affected by these vulnerabilities and evaluation was not required.

Product Line Product Name Recommendations and Comments
Cell Viability Vi-CELL BLU Reported vulnerability does not affect this product
Cell Viability Vi-CELL MetaFLEX Reported vulnerability does not affect this product
Cell Viability Vi-CELL XR Reported vulnerability does not affect this product
Centrifuge Avanti JXN 26 Reported vulnerability does not affect this product
Centrifuge Avanti JXN 30 Reported vulnerability does not affect this product
Centrifuge Mobilefuge Reported vulnerability does not affect this product
Centrifuge Optima AUC Beckman Coulter Life Sciences recommends isolating or utilizing a closed network for this product. Please check back later for updated information.
Centrifuge Optima XE Reported vulnerability does not affect this product
Centrifuge Optima XPN Reported vulnerability does not affect this product
Cytometry AQUIOS CL Reported vulnerability does not affect this product
Cytometry Avenger Prep Reported vulnerability does not affect this product
Cytometry Cytobank All applicable systems now patched.
Cytometry CytoFLEX Reported vulnerability does not affect this product
Cytometry CytoFLEX LX Reported vulnerability does not affect this product
Cytometry CytoFLEX S Reported vulnerability does not affect this product
Cytometry CytoFLEX SRT Reported vulnerability does not affect this product
Cytometry DI Reported vulnerability does not affect this product
Cytometry DxFLEX Reported vulnerability does not affect this product
Cytometry FC500 MCL Reported vulnerability does not affect this product
Cytometry FC500 MPL Reported vulnerability does not affect this product
Cytometry FP1000 Vulnerability analysis work ongoing. Beckman Coulter Life Sciences recommends isolating or utilizing a closed network for this product. Please check back later for updated information.
Cytometry Gallios Reported vulnerability does not affect this product
Cytometry Kaluza Analysis Reported vulnerability does not affect this product
Cytometry Kaluza Clinical Reported vulnerability does not affect this product
Cytometry Kaluza for Gallios Reported vulnerability does not affect this product
Cytometry MoFlo Astrios Reported vulnerability does not affect this product
Cytometry Navios Reported vulnerability does not affect this product
Cytometry Navios EX Reported vulnerability does not affect this product
Cytometry MoFlo XDP Reported vulnerability does not affect this product
Genomics EMnetik 24 Reported vulnerability does not affect this product
Lab Automation Biomek 4000 Reported vulnerability does not affect this product
Lab Automation Biomek FX/FXp Reported vulnerability does not affect this product
Lab Automation Biomek i5 Reported vulnerability does not affect this product
Lab Automation Biomek i7 Reported vulnerability does not affect this product
Lab Automation Biomek NX/NXp Reported vulnerability does not affect this product
Lab Automation DART Reported vulnerability does not affect this product
Lab Automation EDC Gen4+ Reported vulnerability does not affect this product
Lab Automation EDC Gen5 Reported vulnerability does not affect this product
Lab Automation Labcyte Access Reported vulnerability does not affect this product
Lab Automation Labcyte Echo 525 Reported vulnerability does not affect this product
Lab Automation Labcyte Echo 550 series Reported vulnerability does not affect this product
Lab Automation Labcyte Echo 650 series Reported vulnerability does not affect this product
Lab Automation SAMI EX Reported vulnerability does not affect this product
Lab Automation SAMI Process Management Reported vulnerability does not affect this product
Lab Automation Beckman Connect Reported vulnerability does not affect this product
Lab Automation BioLector Reported vulnerability does not affect this product
Particle Characterization LS 13320 Reported vulnerability does not affect this product
Particle Characterization LS 13320 XR Reported vulnerability does not affect this product
Particle Characterization Multisizer 4e Reported vulnerability does not affect this product
Particle Counting A-1000 XP Vulnerability analysis work ongoing. Beckman Coulter Life Sciences recommends isolating or utilizing a closed network for this product. Please check back later for updated information.
Particle Counting ANATEL PAT700 Reported vulnerability does not affect this product
Particle Counting HIAC 8011+ Reported vulnerability does not affect this product
Particle Counting HIAC PODS+ Reported vulnerability does not affect this product
Particle Counting MET ONE 3400 Reported vulnerability does not affect this product
Particle Counting MET ONE 3400+ Reported vulnerability does not affect this product
Particle Counting MET ONE 3411 Reported vulnerability does not affect this product
Particle Counting MET ONE 6000 Reported vulnerability does not affect this product
Particle Counting MET ONE HHPC+ Reported vulnerability does not affect this product