The latest update to this post is available here!
On Friday 09.12.21 a critical vulnerability (Log4Shell) in the widely used Java library Log4j has been identified. According to the assessment of many authorities, this leads to an extremely critical threat situation, which is why, among others, the Federal Office for Information Security (BSI) in Germany has upgraded its existing cyber security warning to warning level red (see Common Vulnerabilities and Exposures and BSI).
The affected component is also used in some PTV products. This affects both customer installations and the cloud offering of PTV Group.
Overview
List of products (affected, but patched)
- PTV xServer internet 1 / PTV xServer internet 2
- PTV TLN planner internet
- PTV Route Optimizer SaaS / Demonstrator
- PTV Developer
- PTV Visum Publisher
List of products (affected)
- PTV xServer 2.x (on prem)
- PTV xServer 1.34 (on prem)
- PTV MaaS Modeller
List of products (possibly affected)
- PTV Route Optimiser CL
- PTV Route Optimiser ST
- PTV Map&Market
- PTV Arrival Board / Trip Creator / EM Portal
- PTV Drive&Arrive
List of products (not affected)
- PTV xServer < 1.34 (on prem)
- PTV Road Editor
- PTV Map&Guide internet
- PTV Map&Guide intranet
- PTV Navigator Licence Manager
- PTV Navigator App
- PTV Drive&Arrive App
- PTV Visum
- PTV Vissim
- PTV Vistro
- PTV Viswalk
- PTV Balance and PTV Epics
- PTV Hyperpath
- PTV TRE and PTV Tre-Addin
- PTV Optima
We have therefore been working on updating the affected PTV products since the vulnerability was announced.
For the vulnerability, there is already a security update from the manufacturer with version Log4j 2.15.0. In addition, all products that use Log4j – including all affected PTV Products – must be adapted.
For cloud products, the update will be performed by PTV in its own data centers.
For customer-owned installations, we will provide an update in the short term and offer it for download. All customers will receive direct information about this in a timely manner.
Concerning further technical questions, please contact your Product Support.