Cybersecurity and the IoT: How Does Log4Shell Affect CPI eConnect® PDUs?

December 21, 2021

Last week, cybersecurity teams around the world began scrambling to fix and install patches for a critical security flaw found in Apache’s widely used Log4Shell (log4j), an open-source software tool that logs changes in compatible software and web applications, many of which interface directly with the underlying systems that connect devices to networks in today’s Internet of Things (IoT) landscape.
 
The flaw was officially acknowledged on December 10, when a critical severity Remote Code Execution (RCE) exploit disclosure for log4j was published by the Common Vulnerabilities and Exposures Program (CVE® Program). Complete information about the disclosure, dubbed CVE-2021-44228, can be accessed here.
 
In response to this fast-developing story, Chatsworth Products (CPI) would like to notify all customers and those considering deploying CPI’s networked eConnect® Power Distribution Units (PDUs) in their data centers or edge sites that because CPI’s eConnect PDU line does not utilize any Apache or Java technologies, there is zero impact to CPI eConnect PDUs as a result of the current log4j exploit and cybersecurity concern.

Additionally, Remote Infrastructure Management (RIM) environmental monitoring appliances and KVM switches sold by CPI are also not affected, as these products do not utilize Apache applications, while CPI’s partner company for DCIM software, Sunbird®, has released new versions of dcTrack and Power IQ software to address the log4j security vulnerability. The new versions can be downloaded via the link below. Download of these versions requires a valid maintenance contract and user login to the Support Portal.

In recognizing the collective importance and value of an industry working together to help minimize the impact of cyberattacks that undermine the integrity of all networks, CPI will continue to power and protect your technology investments wherever they may be, and continue to monitor this story to further evaluate the impact on our software solutions and relay important updates in this space as needed.
 
As always, customers are also encouraged to reach out to CPI Technical Support with any questions or concerns related to CPI products and solutions.
Posted by Jeff Cihocki, Content Manager at 12/21/2021 8:33:57 AM
Search CPI in the News