Log4J Vulnerability ( zero to low risk )

There is a significant focus in the software world, and rightly so, upon the recently discovered Log4J vulnerability ( CVE-2021-44228 ).

We have reviewed our products, and believe this vulnerability is not exploitable for Energetiq installations.

Our Products Do Not Contain the Vulnerability

We have reviewed all Energetiq products, and believe that we do not utilise any impacted Log4J libraries.

AWS is patching AWS Components

We do rely on AWS services, of which a small number are impacted. For more details on the AWS response, please find them here.

Regardless, we believe these services cannot be exploited via this vulnerability.

Energetiq installations do not expose these AWS services to the networks of our customers. And as always, our services are not available to the wider internet.

Should AWS require us to apply patching we will notify impacted customers of any maintenance required and strive to minimise any service degradation.

Maintaining Vigilance

As is always the case with security incidents and vulnerabilities, the situation continues to evolve. We continue to double & triple check that there is no risk to our services or data.

We will update this blog post with additional information as it comes to light.