Search Support Database

Nox Medical log4j statement

Overview

This document contains information about the assessment of log4j software within Nox Medical Products

 

Results

The summary of the Nox Medical assessment is the following:

 

Leaders of the Nox Medical Engineering Team have assessed the Nox Medical Systems to identify if the systems are affected by the log4j vulnerability. The assessment is documented in the following records:

- Nox Sleep System BLE - Cybersecurity Management (TF-02653 : REV02)

- Nox Sleep System - Cybersecurity Management (TF-00075 : REV09)

 

The following products are under scope:

- Noxturnal

- Noxturnal App

- C1 Access Point

- A1s Recorder

 

Notes:

A special consideration was added for possible hazards introduced by the log4j vulnerability (CVE-2021-45046). The only component developed in the java programming language in the systems is the Noxturnal App, which does not include the log4j software package. The Nox C1 Access Point runs a Linux OS with a number of 3rd party packages installed. An assessment shows that the Nox C1 Access Point does not contain any java runtime environment and the log4j software package is not installed on the device.

 

Result:

The Nox Sleep systems are not affected by the Log4j vulnerability. 

 

Guðmundur Hauksson - Director of Engineering

 

LBL-0309

*Please note that not all features or all products are available in all markets. Our products are medical devices and subject to registration/approval in each market area. For more information on product availability please contact support@noxmedical.com

Print Friendly and PDF
Was this article helpful?
0 out of 0 found this helpful

Have more questions? Submit a request

Comments