Skip to main content

ControlSuite and the Spring4Shell vulnerability CVE-2022-22965

Article # 3041868 - Page views: 371


Are ControlSuite, Autostore, Equitrac and/or Output Manager components affected by the Spring4Shell vulnerability (CVE-2022-22965)


No, the spring4shell vulnerability CVE-2022-22965 is not applicable to Controlsuite.

The vulnerability is defined as requiring specific versions of Spring (5.3.0 to 5.3.17, 5.2.0 to 5.2.19 and older versions) running on specific versions of Java (JDK9 and above).

Device Web Service (DWS)

DWS is using Spring apps, however it using JDK8, therefore is not vulnerable

Other Applications

  • All Other Equitrac,  Autostore and Output Manager Components do not contain or use Spring Apps.


Applies to:  

Product Version
AutoStore 7 & 6
ControlSuite 1.x
Equitrac 5.x
Output Manager 4.x




Article # 3041868