Industrial networks are among those which are vulnerable to the recently disclosed zero-day in the Log4j2 Java logging library, security researchers have warned.
The vulnerability (CVE-2021-44228) was disclosed on December 9 and allows remote code execution and access to servers. Log4j is used in a wide range of commonly used enterprise systems, raising fears that there’s ample opportunity for the vulnerability to be exploited.
Within hours of the vulnerability being publicly disclosed, cyber attackers were already making hundreds of thousands of attempts to exploit the critical Log4j vulnerability to spread malware and access networks.
Each day on from its disclosure, more is being learned about the flaw and now cybersecurity researchers have warned that it could have significant implications for operational technology (OT) networks which control industrial systems – and for a long time.
“Given that Log4j has been a ubiquitous logging solution for Enterprise Java development for decades, Log4j has the potential to become a vulnerability that will persist within Industrial Control Systems (ICS) environments for years to come,” said a blog post by cybersecurity researchers at Dragos.
And given how easy it is to exploit the vulnerability, combined with the potentially large number of affected applications, researchers recommend an