Product Security Advisories
FUJIFILM Corporation
Response to Apache Log4j Vulnerability (Log4Shell) (2021)
- Apache Log4j Vulnerability (Log4Shell)
Log4j is a widely used logging tool in Java applications and is provided by the Apache Software Foundation. A vulnerability in Log4j versions 2.0-beta9 through 2.14.1 allows an attacker to remotely execute arbitrary code. For details, please refer to the following external reference website(s).
https://logging.apache.org/log4j/2.x/security.html
- Impacts on our products
SYNAPSE VNA software versions 6.3 and later may be affected by this vulnerability.
Fujifilm has released a mitigation script that must be applied to each SYNAPSE VNA software installation.
All other products are unaffected.
For inquiries about this security issue, contact the sales office where you purchased, or are considering purchasing, the product.
Response to BlackBerry Real-Time Operating System (RTOS) "QNX" Vulnerability (2021)
- BlackBerry Real-Time Operating System (RTOS) "QNX" Vulnerability
BlackBerry has announced a vulnerability (CVE-2021-22156) in the QNX Real-Time Operating System (RTOS).
Exploitation of this vulnerability could lead to a denial of service or arbitrary code execution on the affected device. For details, please refer to the following external reference website(s).
https://support.blackberry.com/kb/articleDetail?articleNumber=000082334
https://us-cert.cisa.gov/ncas/alerts/aa21-229a
- Impacts on our products
We have determined that our products are not affected by this vulnerability because they do not use BlackBerry Real-Time Operating System (RTOS) "QNX".
Response to multiple vulnerabilities in Treck TCP/IP stack (Ripple20) (2020)
- Treck TCP/IP stack vulnerabilities
A set of 19 vulnerabilities, named Ripple20, was found in the Treck TCP/IP stack. Exploitation of these vulnerabilities could result in remote code execution, denial of service, or information disclosure. For details, refer to the following external reference website(s).
https://www.jsof-tech.com/ripple20
https://us-cert.cisa.gov/ics/advisories/icsa-20-168-01
- Impacts on our products
Our products do not use the Treck TCP/IP stack, which has these vulnerabilities. Therefore, we have determined that they are not affected by these vulnerabilities.
Response to Bluetooth Low Energy Vulnerabilities (SweynTooth) (2020)
- Bluetooth Low Energy Vulnerability (SweynTooth)
The FDA issued the following Safety Communication on March 3, 2020.
For details, refer to the following external reference website(s).
https://public4.pagefreezer.com/browse/FDA/08-02-2023T11:48/https://www.fda.gov/medical-devices/safety-communications/sweyntooth-cybersecurity-vulnerabilities-may-affect-certain-medical-devices-fda-safety-communication
It describes vulnerabilities, named “SweynTooth”, associated with a wireless communication technology known as Bluetooth Low Energy (BLE).
- Summary
Successful exploitation of these vulnerabilities could allow an attacker within wireless range to cause a deadlock, crash, or buffer overflow, or to completely bypass security functions. For details, refer to the following external reference website(s).
https://www.us-cert.gov/ics/alerts/ics-alert-20-063-01
- Impacts on our products
Our products do not have a Bluetooth function that uses the vulnerable Bluetooth Low Energy (BLE) technology. Therefore, we have determined that they are not affected by these vulnerabilities.
Response to Vulnerabilities of Remote Desktop Service for Windows (2019)
- Vulnerabilities of Remote Desktop Service for Windows
Microsoft Corp. has disclosed vulnerabilities (CVE-2019-0708, CVE-2019-1181 and CVE-1182) in Remote Desktop Services (software for remote control from other computers) installed in the Windows OS. An attacker who successfully exploited these vulnerabilities could install programs, or display, modify, or delete data.
- Impacts on our products
Remote Desktop Services is enabled on some of our MRI, CT, and X-ray diagnostic imaging system products. We judge that the impact of these vulnerabilities is small in the assumed network environment. At the customer's request, measures such as disabling Remote Desktop Services can be taken. Please contact the sales office where you purchased the product.
All other products are not affected by these vulnerabilities because the OS that contains these vulnerabilities is not installed, or Remote Desktop Services is disabled.
Response to VxWorks Vulnerabilities (Urgent/11) (2019)
- VxWorks Vulnerabilities
Serious vulnerabilities in VxWorks, named “URGENT/11”, have been announced on the Wind River website, and urgent measures are recommended.
- Summary
URGENT/11 refers to 11 vulnerabilities found in the VxWorks TCP/IP stack (IPnet), 6 of which are classified as critical vulnerabilities that allow remote code execution. The other vulnerabilities could be exploited for denial of service or information disclosure. For details, refer to the following external reference website(s).
https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/
https://www.armis.com/research/urgent11/
- Impacts on our products
In our MRI system, VxWorks is used as an image processor; however, due to the equipment configuration, it is highly unlikely that these vulnerabilities can be exploited, and we have determined that the system is not affected by them.
All other products are not affected by these vulnerabilities because they do not use VxWorks.
Notice
We currently do not have any urgent announcements.