Are Saia Burgess Controls devices or products exposed to the Log4j vulnerabilities related to Java-based Apache logging services?
Most of the Saia Burgess Controls devices or products are not exposed to the Apache log4j Vulnerability.
The only product, which could be exposed is the Energy Monitoring of the Saia PCD Supervisor.
The following products are not exposed to log4j vulnerabilities:
- Saia PG5 Controls Suite including Web-Editor5 and Web-Editor8 and all PG5 and Web templates
- Saia QronoX ECS including Web-Editor8
- Saia PCD Supervisor
- MicroBrowser Apps (Android, iOS, Windows)
- Java-Applet IMaster*.jar
- S-Monitoring application
- Saia PCD1/2/3/4/6 Classic devices
- Saia PCD1/2/3 xx7 devices
- Saia PCD3 QronoX devices
- PCD7.D1/2 Text terminals
- PCD7.D4 MicroBrowser
- Panels PCD7.D5xxCF/RF HTML5 Web-Panels
- PCD7.D5/D6 CE/eXP/Win7 Web-Panels
- PCD7.F/H/K/L/R/T/W devices
- Q.NET-EBW and Q.NET-IMON routers
- SBC Connectivity Service portal
- Axx Energy meters
The following product could be exposed to log4j vulnerabilities:
- Energy Monitoring of the Saia PCD Supervisor
We assume that the risk for Energy Monitoring regarding this vulnerability is low.
However, we take any possible security vulnerability very seriously and have therefore created the security update and recommend to update your application to version 3.4.2 to close any possible security gap.
The update 3.4.2 can be loaded from here:
The verification of whether 3rd party products and field devices sold by SBC are affected by log4j vulnerabilities is ongoing - which we also consider unlikely for the moment.
The FAQ will be updated as soon as we have received the information.
Cybersecurity is a top priority at SBC and Honeywell. We are committed to continuously improving the security of our products.
Please see our notes on the support page regarding security upgrades and connecting PCD controllers to the Internet.
Last update: 07.01.2022 13:33
First release: 14.12.2021 10:55