A critical vulnerability in Apache Log4j, a logging subsystem commonly used in Java-based applications and solutions, was identified and assigned CVE identifier CVE-2021-44228. Proof-of-concept and exploit code has been published, and ongoing exploitation has been reported.
Upon disclosure of this issue the Acuity Brands Security Team performed an investigation. We found that no products or services of Acuity Brands or its subsidiaries are impacted by the Apache Log4j vulnerability. This includes the Distech Controls and Acuity Brands lines of ECLYPSE building and lighting controllers. Acuity Brands is not recommending any actions relative to our products or services at this time.