Brüel & Kjær and Log4j Security

On Friday 10 December 2021, Apache disclosed a critical vulnerability in the Log4j library, an open-source logging element in Java.

This vulnerability allows for an untrusted input to result in LDAP, RMI or other HNDI endpoints loading and executing arbitrary code from an untrusted source. Given the cross-platform nature of Java, this vulnerability is found in all operating systems.

We have investigated our products and determined that those listed below are not affected by this vulnerability. 

Industrial hardware and software

LAN-XI
BK Connect
Team Server
PULSE LabShop
PULSE Operational Modal Analysis
TFI – Test for I-deas including drivers
Automotive Sound Quality
Reporter (MTS)
IMAT + FEA 
Sonoscout
LASERUSB
COMETUSB
RT Pro 

Sound level meters and associated software

2245 Sound Level Meter 
2250 Sound level Meter 
2270 Sound Level Meter
EnviroNoise Partner
Noise Partner
Work Noise Partner
Product Noise Partner
Measurement Partner Suite
Qualifier

As verification of 3rd party products and components rely directly on the statement of the 3rd party, there is a potential risk that some may open the Log4j vulnerability anyway.  To be extra cautious, we are advising customers who are concerned with this issue, or who discover that these components are packaged with our licensing installer, can and should delete this file as they feel appropriate. 

Thank you for your patience and understanding during our evaluation of the impact of Log4j’s vulnerability. 

If you have any additional questions regarding this issue, please feel free to contact the HBK support team.