17.03.2022 - PTC Axeda Agent Vulnerability
We are aware of the recently disclosed PTC Axeda agent vulnerabilities (CVE-2022-25247, 25248, 25249, 25250, 25251). We are actively monitoring this serious issue, and we are working to assess any products or services provided by Leica Microsystems that are either directly or indirectly affected by these vulnerabilities.
At the current time, we have identified SPE, SP5, SP8 and SCN400 as potentially affected. Furthermore, this only affects instruments that:
- currently have any network connection, including restricted connections, and
- are running a pre-2021 version of Axeda RemoteCare.
This software is no longer being used by Leica Microsystems. LMS retired the software on December 31, 2020.
There are several mitigation options:
- Contact your IT Department to restrict network access to the instrument,
- Contact Leica Service at iot@leicams.com to uninstall the Axeda software from your instrument,
- For additional mitigation please visit: https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-01
For more information, please review:
https://www.ptc.com/en/support/article/CS363561
https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-01
Also, we strongly encourage all customers to register their equipment to receive email notifications in the future.
24.01.2022 - Apache Log4j - Security notice for users of Leica SP8 workstations (HP Z840 series)
The Apache Foundation has announced security vulnerabilities for Log4j (CVE-2021-44228, CVE-2019-17571). Log4j is widely used across multiple industries for logging in PC applications.
Our image acquisition software