Detection of Log4J Vulnerability in Embedded Products

A critical vulnerability has been discovered in Log4J, the world's most utilized logging framework. Existing guidance focuses on patching web applications, but misses a critical category of vulnerable products altogether: connected devices and embedded systems.

If you manufacture any embedded products, even detecting the presence of Log4j in each of your SKUs and firmware versions can be extremely challenging and time-consuming. As we’ve learned from OEMs still using manual processes, we’ve found that typical embedded device manufacturers take 2-8 weeks to uncover whether a vulnerability impacts their product lines. At Finite State, we can shorten that process so that it takes seconds to identify the presence of new vulnerabilities as soon as they are discovered.