On Friday December 10th, we became aware of a critical severity zero-day exploit known as “Log4Shell” in the Log4j programming library, which is widely used in numerous online software systems.
simPRO immediately began investigating our vulnerability to this exploit. It was clear to us that our main simPRO web platform, eForms and simTRAC were NOT susceptible as they do not use this library. We continued to dig into our other systems to ensure they were also secure.
While our IoT platform and the BI Reporting system were also not directly affected by this exploit, we have taken an extra mitigating step to ensure that it is not introduced into these products in the future by deploying some modifications to those environments in the past couple of days.
We can confirm that all our systems and software at simPRO are safe against this exploit. At simPRO we take the protection of our customers’ data very seriously. We continue to monitor developments with regards to the vulnerability in the log4j library.