
STM32Cube tools and log4j

stephane.legargeant
ST Employee

The impact of log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046 for STM32Cube tools has been assessed by the development team, and the tools can be used without risk.

  • STM32CubeMX,
  • STM32CubeIDE,
  • ST-MCU-FINDER-PC 
    • The log4j version used is not impacted by CVE-2021-44228
    • No risk of remote code execution using CVE-2021-44228

  • STM32CubeMonitor-RF,
  • STM32CubeMonitor-UCPD,
  • STM32CubeMonitor-PWR
    • The log4j version is impacted by CVE-2021-44228 (log4j version 2.8.1)
    • There is no internet and no remote access for these tools, so an attacker would have to be logged on to the computer and have access to the tool GUI to inject data into log4j.
    • No risk of remote code execution using CVE-2021-44228

  • STM32CubeProgrammer,
  • STM32CubeMonitor:
    • log4j is not used for these tools
    • No risk of remote code execution using CVE-2021-44228
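
To check which log4j-core version an installed tool actually bundles, the following added example (not part of the original post and not ST code) walks an install directory, reads each log4j-core jar's Maven metadata and reports whether `JndiLookup.class` is present. The function names are hypothetical, the fixed-release numbers are those published on the Apache Log4j security page, and the sample jar is constructed.

```python
import io, re, sys, zipfile
from pathlib import Path

POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

def parse_version(text):
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.M)
    return (int(m[1]), int(m[2]), int(m[3] or 0)) if m else None

def affected(v):
    """CVE ids (of the two named in the post) whose affected range covers v."""
    if v is None or v[0] != 2:
        return []
    # Backport releases 2.12.2 (Java 7) and 2.3.1 (Java 6) carry both fixes.
    if (v[1] == 12 and v >= (2, 12, 2)) or (v[1] == 3 and v >= (2, 3, 1)):
        return []
    fixed_in = (("CVE-2021-44228", (2, 15, 0)), ("CVE-2021-45046", (2, 16, 0)))
    return [cve for cve, fixed in fixed_in if v < fixed]

def inspect_jar(jar):
    """jar: path or file object. Returns None if it is not a log4j-core jar."""
    with zipfile.ZipFile(jar) as z:
        names = set(z.namelist())
        if POM not in names:
            return None
        v = parse_version(z.read(POM).decode("utf-8", "replace"))
    return {"version": v, "jndi_lookup": JNDI in names, "cves": affected(v)}

def scan(root):
    out = {}
    for p in Path(root).rglob("*.jar"):
        try:
            info = inspect_jar(p)
        except (zipfile.BadZipFile, OSError):
            continue  # unreadable or not a zip archive: skip it
        if info:
            out[str(p)] = info
    return out

def make_sample_jar(version, with_jndi=True):
    """Constructed stand-in for a log4j-core jar (metadata only, no real classes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(POM, f"artifactId=log4j-core\nversion={version}\n")
        if with_jndi:
            z.writestr(JNDI, b"")
    return buf

if __name__ == "__main__":
    for path, info in scan(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(path, info)
```

A version inside the affected range is a finding about the bundled library, not about reachability, which is the distinction the assessment above draws for the STM32CubeMonitor-RF/UCPD/PWR tools. Jars nested inside other jars and repackaged (shaded) copies without the Maven metadata are not detected by this check.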

Accepted Solutions
Richard.Chvr
ST Employee

Thank you for this assessment

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.