Apache Log4j critical vulnerability (CVE-2021-44228 & CVE-2021-45046)
Background
On December 10, 2021 a critical vulnerability (CVE-2021-44228) was reported in Apache Log4j, a very popular Java logging package. The vulnerability is impacting multiple versions of the Apache Log4j utility and the applications that use it. The vulnerability allows for unauthenticated remote code execution as the user running the application that utilizes the library.
A second low severity vulnerability has since been discovered (CVE-2021-45046). It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. Log4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
For further information on these specific vulnerabilities, please refer to the links below:
Response
Beckman Coulter Life Sciences is continuing to monitor and evaluate its product portfolio.
Updates will be posted to https://www.beckman.com/support/customer-relations as additional information becomes available.
For further information regarding evaluated products (including mitigations and patching), please see the table below. Any product not on this list is not affected by these vulnerabilities and evaluation was not required.
Product Line | Product Name | Recommendations and Comments |
Cell Viability | Vi-CELL BLU | Reported vulnerability does not affect this product |
Cell Viability | Vi-CELL MetaFLEX | Reported vulnerability does not affect this product |
Cell Viability | Vi-CELL XR | Reported vulnerability does not affect this product |
Centrifuge | Avanti JXN 26 | Reported vulnerability does not affect this product |
Centrifuge | Avanti JXN 30 | Reported vulnerability does not affect this product |
Centrifuge | Mobilefuge | Reported vulnerability does not affect this product |
Centrifuge | Optima AUC | Beckman Coulter Life Sciences recommends isolating or utilizing a closed network for this product. Please check back later for updated information. |
Centrifuge | Optima XE | Reported vulnerability does not affect this product |
Centrifuge | Optima XPN | Reported vulnerability does not affect this product |
Cytometry | AQUIOS CL | Reported vulnerability does not affect this product |
Cytometry | Avenger Prep | Reported vulnerability does not affect this product |
Cytometry | Cytobank | All applicable systems now patched. |
Cytometry | CytoFLEX | Reported vulnerability does not affect this product |
Cytometry | CytoFLEX LX | Reported vulnerability does not affect this product |
Cytometry | CytoFLEX S | Reported vulnerability does not affect this product |
Cytometry | CytoFLEX SRT | Reported vulnerability does not affect this product |
Cytometry | DI | Reported vulnerability does not affect this product |
Cytometry | DxFLEX | Reported vulnerability does not affect this product |
Cytometry | FC500 MCL | Reported vulnerability does not affect this product |
Cytometry | FC500 MPL | Reported vulnerability does not affect this product |
Cytometry | FP1000 | Vulnerability analysis work ongoing. Beckman Coulter Life Sciences recommends isolating or utilizing a closed network for this product. Please check back later for updated information. |
Cytometry | Gallios | Reported vulnerability does not affect this product |
Cytometry | Kaluza Analysis | Reported vulnerability does not affect this product |
Cytometry | Kaluza Clinical | Reported vulnerability does not affect this product |
Cytometry | Kaluza for Gallios | Reported vulnerability does not affect this product |
Cytometry | MoFlo Astrios | Reported vulnerability does not affect this product |
Cytometry | Navios | Reported vulnerability does not affect this product |
Cytometry | Navios EX | Reported vulnerability does not affect this product |
Cytometry | MoFlo XDP | Reported vulnerability does not affect this product |
Genomics | EMnetik 24 | Reported vulnerability does not affect this product |
Lab Automation | Biomek 4000 | Reported vulnerability does not affect this product |
Lab Automation | Biomek FX/FXp | Reported vulnerability does not affect this product |
Lab Automation | Biomek i5 | Reported vulnerability does not affect this product |
Lab Automation | Biomek i7 | Reported vulnerability does not affect this product |
Lab Automation | Biomek NX/NXp | Reported vulnerability does not affect this product |
Lab Automation | DART | Reported vulnerability does not affect this product |
Lab Automation | EDC Gen4+ | Reported vulnerability does not affect this product |
Lab Automation | EDC Gen5 | Reported vulnerability does not affect this product |
Lab Automation | Labcyte Access | Reported vulnerability does not affect this product |
Lab Automation | Labcyte Echo 525 | Reported vulnerability does not affect this product |
Lab Automation | Labcyte Echo 550 series | Reported vulnerability does not affect this product |
Lab Automation | Labcyte Echo 650 series | Reported vulnerability does not affect this product |
Lab Automation | SAMI EX | Reported vulnerability does not affect this product |
Lab Automation | SAMI Process Management | Reported vulnerability does not affect this product |
Lab Automation | Beckman Connect | Reported vulnerability does not affect this product |
Lab Automation | BioLector | Reported vulnerability does not affect this product |
Particle Characterization | LS 13320 | Reported vulnerability does not affect this product |
Particle Characterization | LS 13320 XR | Reported vulnerability does not affect this product |
Particle Characterization | Multisizer 4e | Reported vulnerability does not affect this product |
Particle Counting | A-1000 XP | Vulnerability analysis work ongoing. Beckman Coulter Life Sciences recommends isolating or utilizing a closed network for this product. Please check back later for updated information. |
Particle Counting | ANATEL PAT700 | Reported vulnerability does not affect this product |
Particle Counting | HIAC 8011+ | Reported vulnerability does not affect this product |
Particle Counting | HIAC PODS+ | Reported vulnerability does not affect this product |
Particle Counting | MET ONE 3400 | Reported vulnerability does not affect this product |
Particle Counting | MET ONE 3400+ | Reported vulnerability does not affect this product |
Particle Counting | MET ONE 3411 | Reported vulnerability does not affect this product |
Particle Counting | MET ONE 6000 | Reported vulnerability does not affect this product |
Particle Counting | MET ONE HHPC+ | Reported vulnerability does not affect this product |