A flaw in Log4j, a Java library used for logging error messages, is currently the most high-profile security vulnerability on the internet right now and comes with a severity score of 10 out of 10.
Warnings have been issued by several national cybersecurity agencies, including the Cybersecurity and Infrastructure Security Agency (CISA) and the UK's National Cyber Security Centre (NCSC).
Most of Hexagon MI’s metrology software products are not affected by the Log4j vulnerability.
These include: PC-DMIS, QUINDOS/I++ SIMULATOR, QDAS, REcreate, DESIGNER, Robotic Automation, Spatial Analyzer, Inspire, DataPage+ and WebReporter.
Hardware-related software products from across Hexagon’s Manufacturing Intelligence division are also not affected by the Log4j vulnerability in any released version. These include: Leica: Tracker Pilot, T-Scan Interface and RDS.
However, a small number of our applications use the Log4j library for logging purposes.
These include: eMMA.
We are working on replacing the affected libraries with a new secure version and will provide license holders with an update of our products as soon as possible.
For more information, please see the latest support pages for individual software products.