The latest update to this post is available here!

On Friday 09.12.21 a critical vulnerability (Log4Shell) in the widely used Java library Log4j has been identified. According to the assessment of many authorities, this leads to an extremely critical threat situation, which is why, among others, the Federal Office for Information Security (BSI) in Germany has upgraded its existing cyber security warning to warning level red (see Common Vulnerabilities and Exposures and BSI).

The affected component is also used in some PTV products. This affects both customer installations and the cloud offering of PTV Group.

Overview

List of products (affected, but patched)

PTV xServer internet 1 / PTV xServer internet 2
PTV TLN planner internet
PTV Route Optimizer SaaS / Demonstrator
PTV Developer
PTV Visum Publisher

List of products (affected)

PTV xServer 2.x (on prem)
PTV xServer 1.34 (on prem)
PTV MaaS Modeller

List of products (possibly affected)

PTV Route Optimiser CL
PTV Route Optimiser ST
PTV Map&Market
PTV Arrival Board / Trip Creator / EM Portal
PTV Drive&Arrive

List of products (not affected)

PTV xServer < 1.34 (on prem)
PTV Road Editor
PTV Map&Guide internet
PTV Map&Guide intranet
PTV Navigator Licence Manager
PTV Navigator App
PTV Drive&Arrive App
PTV Visum
PTV Vissim
PTV Vistro
PTV Viswalk
PTV Balance and PTV Epics
PTV Hyperpath
PTV TRE and PTV Tre-Addin
PTV Optima

We have therefore been working on updating the affected PTV products since the vulnerability was announced.

For the vulnerability, there is already a security update from the manufacturer with version Log4j 2.15.0. In addition, all products that use Log4j – including all affected PTV Products – must be adapted.

For cloud products, the update will be performed by PTV in its own data centers.

For customer-owned installations, we will provide an update in the short term and offer it for download. All customers will receive direct information about this in a timely manner.

Concerning further technical questions, please contact your Product Support.