STM32Cube tools and log4j
‎2021-12-16 11:09 AM
The impact of log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046 for STM32Cube tools has been assessed by the development team, and the tools can be used without risk.
- STM32CubeMX, STM32CubeIDE, ST-MCU-FINDER-PC:
  - The log4j version used is not impacted by CVE-2021-44228.
  - No risk of remote code execution using CVE-2021-44228.
- STM32CubeMonitor-RF, STM32CubeMonitor-UCPD, STM32CubeMonitor-PWR:
  - The log4j version is impacted by CVE-2021-44228 (log4j version 2.8.1).
  - There is no internet and no remote access for these tools, so an attacker would have to be logged on to the computer and would need access to the tool GUI to inject data into log4j.
  - No risk of remote code execution using CVE-2021-44228.
- STM32CubeProgrammer, STM32CubeMonitor:
  - log4j is not used for these tools.
  - No risk of remote code execution using CVE-2021-44228.
‎2022-03-31 3:27 AM
Thank you for this assessment
To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
