Hanwha Techwin's portfolio of products are not affected by this vulnerability.
Spring4Shell is a flaw in the Spring Framework for Java.
The bug resides in the Java Development Kit (JDK) from version 9.0 and upwards if the system is also using Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and earlier versions.
In Java Development Kit (JDK) version 9.0 or later, a remote attacker can obtain an AccessLogValve object through the framework's parameter binding feature and use malicious field values to trigger the pipeline mechanism and write to a file in an arbitrary path, if certain conditions are met.
More details about this can be found here: CVE-2022-22965
Product | Comment |
Camera | No vulnerability found. Camera does not use JAVA. Camera products are not affected by Spring4Shell vulnerability. |
DVR/NVR | No vulnerability found. Recorders do not use JAVA therefore are not affected by Spring4Shell vulnerability. |
SSM | SSM uses Spring Framework 5.1.5, but not vulnerable by using version 8.0.252 of JDK and using spring boot executable(JAR) |
WAVE | All Wisenet WAVE services including WAVE Sync, do not use JAVA, and they are not vulnerable to the spring4shell vulnerabilities. |
OSSA Camera | Azena OS does not use JAVA. SO, OSSA Camera products are not affected by Spring4Shell vulnerability. ** we found the code related to the Spring library(passay). But It does not work because there is no spring framework. |