Updated April 8, 2022
On March 31, 2022, Spring4Shell was disclosed as a vulnerability that impacts the Java Spring development framework. The vulnerability, known as CVE-2022-22965, impacts Java’s Spring versions 5.3.0 - 5.3.17, 5.2.0 - 5.2.19 and older. Threat actors are actively seeking vulnerable systems and exploiting the vulnerability
Based on our analysis, we have determined that Motorola Solutions systems, products and software are not affected by the Spring4Shell vulnerability.
Our analysis currently applies to Motorola Solutions-developed software only.
We take this matter very seriously and our Security Operations Center continues to monitor the potential impact of this threat across all Motorola Solutions systems, products and software. We will continue to deploy security controls across our operations and encourage our customers to take the steps noted below to protect their systems.
Please continue to refer back to this web page for the most recent information. If you have any questions, please contact your local account management team member.
Protecting your systems
As a general practice, we strongly recommend that Motorola Solutions customers regularly take the following steps to protect their systems:
Review user and administrative accounts to ensure no unauthorized accounts are present.
When possible, do not allow internet exposure for mission-critical devices and/or systems; when internet exposure is required, always apply strong security controls.
Apply all updates provided by Motorola Solutions and other vendors as soon as possible.
Contact your security device vendors (i.e., web application firewall vendors) to confirm that all detection or preventative capabilities have been applied.
- Monitor Spring Framework Open Source Community updates and the DHS Cybersecurity & Infrastructure Security Agency’s (CISA) vulnerability note.