ATRON reacts immediately to possible security gaps in public transport systems
Markt Schwaben (D) / Bronschhofen (CH), December 15, 2021: Due to the recently published IT security gaps (CVE-2021-44228 & CVE-2021-45046) in the server software "Logging for Java" (Log4j), the German Federal Office for Information Security (BSI) has declared the highest warning level (red) for the current situation. The extremely critical Java security gap endangered the IT systems of numerous companies, including public transport companies. Successful exploitation of the vulnerability enables complete takeover of the affected system.
ATRON has been developing and installing fare and operations control systems for public transport in cities and regions for more than 40 years. With intuitive software and future oriented hardware, the company increases the efficiency of transport companies and the comfort of travel for passengers. Due to the dangerous situation, ATRON reacted immediately and provided all ATRON cloud systems (AHS) with the necessary patches and therefore secured the system-relevant background systems for operations control and ticketing. The few ATRON customers who do not use any IT systems hosted by ATRON were contacted directly and the corresponding updates were also initialized. ATRON's security experts support their customers in identifying and closing security gaps in the context of the ATRON systems. There is no need for action for the front-end systems such as on-board computer, validators and ticket vending machines.
In Europe, more than 50 comprehensive ticketing and operations control systems as well as fleet and depot management solutions from ATRON are in use. In order to be able to react immediately to possible irregularities at any time, the company operates a 24/7 service. In addition, ATRON system administrators are available to support the customers at any time.
For further information, see also:
- https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2021/211211_log4Shell_WarnstufeRot.html
- https://govcert.ch/blog/zero-day-exploit-targeting-popular-java-library-log4j/
- https://www.cve.org/CVERecord?id=CVE-2021-44228