DRV8434SEVM: Log4j

Maynard, 

I really have no idea how to answer this. 

I will assign to OSST to see if they know.

Regards, 

Ryan

Hi Maynard,

I have heard about the Log4J remote control access vulnerability that was recently found. It's a quite scary security vulnerability that can potentially allow a malicious individual from remotely controlling a machine so I understand your concern here. I don't think our EVMs can be vulnerable. However, I will reach out to our GUI developers and software engineer experts to verify if Log4J is used by our GUI or cloud-based GUI. Everyone is on vacation right now so I won't be able to get a reply from the team until next week. I will reach out to you with a reply as soon as I get a concrete answer.

Regards,

Pablo Armet

Hi Pablo,

Thank you for your response.

Looking forward for the good news.

Again, thank you in advance.

Regards,
Maynard

Maynard,

Will do

Maynard,

All our recent EVM GUI apps including the DRV8434SEVM GUI are implemented using TI GUI Composer Runtime, https://dev.ti.com/. TI GUI Composer Runtime is widely used across TI portfolio. GUI Composer User’s Guide link: https://dev.ti.com/gc/v2/help/GC_UserGuide_v2/index.html. Like Ryan mentioned it would be appropriate to either OSST or SDTO address this specific question for your customer.

Regards, Murugavel  

Hi Murugavel ,

Thank you for the information, how can we address this specific concern? We do not have process on how we can reach out OSST or SDTO in our side. Will your side will be the one reaching them out?

Thank you in advance.

Regards,
Maynard

Hi Maynard,

I have already assigned it to the SDTO group

The log4j that is in Code Composer Studio comes from Eclipse/CDT which is not part of GUI Composer.  However, I will need to confirm with our developers that there is no log4j coming from any other source in the GUI Composer runtime.

John

Hi John,

Thank you for the information, looking forward to your update.

Thank you in advance.

Regards,
Maynard