Vulnerability Summary

   
On December 9, researchers published proof-of-concept (PoC) exploit code for a critical vulnerability in Apache Log4j 2, a Java logging library used by several applications and services.

For further details please see Website: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228

B. Braun proactively analyzed the software stack of product lines that could potentially be affected by this vulnerability. None of the B. Braun products listed uses the affected logging library software detailed in the communication.

Product lines include:

• Outlook^® Safety Infusion System Pump family
• Space^® Infusion Pump family (Infusomat^® Space^® Infusion Pump, Perfusor^® Space^® Infusion Pump, SpaceStation, and Space^® Wireless Battery)
• DoseTrac^® Server, DoseLink™ Server, and Space^® Online Suite Server software
• Pinnacle^® Compounder
• APEX^® Compounder

B. Braun ensures high security standards throughout the product life cycle by using global accepted standard test and verification methods. It has established processes to monitor the latest vulnerabilities, threats, or risks and will proactively implement measures as required.

Further information can be found at the Department of Homeland Security Cybersecurity & Infrastructure Agency (CISA):

https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance