Spica Technologies Statement: Platform not affected by “Log4Shell”

December 14, 2021
Gemma Worgan

You may have recently seen in the news information relating to a potentially very serious security vulnerability that will likely affect a broad range of cloud-based SaaS offerings and services. The exploit was disclosed on December 9th, and could potentially allow an attacker to execute code on a remote server. The vulnerability was found within a popular Java-based logging package known as Log4j. Given the widespread use of Java in cloud-based systems, and the widespread use of Log4j as a logging framework, the vulnerability is considered one of the most serious in recent times.

You can read more about the exploit and its potential impacts here: https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/12/log4j-zero-day-log4shell-arrives-just-in-time-to-ruin-your-weekend/

Spica Status

As soon as Spica became aware of the vulnerability, we took steps to protect our platform and most importantly our customer data. 

To be clear, we do not believe that Spica’s GemEx platform or the Luna app were vulnerable to this exploit at any point in time.

Nevertheless, we took steps to protect ourselves and conduct an investigation:

  • On the 10th December Spica’s hosting partner, Amazon Web Services (AWS), released an  update to their Web Application Firewall (WAF) which is used to safeguard all of Spica’s cloud resources. The update added new rules to the firewall to prevent requests that contain the commonly used Log4j headers from reaching GemEx instances, and Spica’s WAF infrastructure was updated automatically.
  • Spica has conducted a review of all cloud application source code, verifying that none of the affected Log4j libraries are being used in any of our products.
  • We have passed on information relating to the vulnerability to our IOT vendors and have asked them to confirm whether they are affected.

To reiterate, Spica is not directly affected by the CVE-2021-44228 exploit and we will continue to gather information from our suppliers to determine whether they have been affected. We strongly encourage customers who manage environments containing Log4j to check to see if they are affected and take the necessary action.

A day in the life of a: Lead Technical Support Engineer

A day in the life of a: Lead Technical Support Engineer

Lead Technical Support Engineers play a crucial role as part of the Customer Services at Spica. They deal with customers and clients directly, from installing sensors onsite to solving any issues raised by customers. In this exclusive interview, we get to meet Jason,...

read more
Workplace Requests: Making It Easy

Workplace Requests: Making It Easy

I want never gets! Or at least that’s what my mum always told me...   Sadly, that’s not the case when you are managing corporate real estate. I want may never get, but employee requests must be answered! Introducing Requests At Spica we’ve been working with...

read more
Is Smart Technology the Answer for Cleaner Air? 

Is Smart Technology the Answer for Cleaner Air? 

It’s National Clean Air Day! A day dedicated to raising awareness on the harmful effects of air pollution and the benefits of breathing clean air. From pledging to walk, using electric cars instead or learning more about air pollution, these are just some of the ways...

read more

Download


Better Spica-Worktech WEX App SurveyReport

Spica Technologies will process your information to provide you with the products and services you have requested. You may unsubscribe from these communications at any time. For information please read out Privacy Policy.

Successfully Submitted!

Download

Better Building Management: IoT and Environmental Quality Whitepaper

Spica Technologies will process your information to provide you with the products and services you have requested. You may unsubscribe from these communications at any time. For information please read out Privacy Policy.

Successfully Submitted!

Download

Occupancy Analytics Data Sheet

Spica Technologies will process your information to provide you with the products and services you have requested. You may unsubscribe from these communications at any time. For information please read out Privacy Policy.

Successfully Submitted!

Download

Portfolio Analytics Data Sheet

Spica Technologies will process your information to provide you with the products and services you have requested. You may unsubscribe from these communications at any time. For information please read out Privacy Policy.

Successfully Submitted!

Download

Ecopilot Fact Sheet

Spica Technologies will process your information to provide you with the products and services you have requested. You may unsubscribe from these communications at any time. For information please read out Privacy Policy.

Successfully Submitted!

Bitnami