Announcement about Denial of Service (DoS) vulnerability for our multi-function printers and single-function printers
March 19, 2021
April 27, 2021
June 22, 2021
To our customers,
We sincerely thank you for your continued support of our products.
We would like to inform you about a potential risk from a Denial of Service (DoS) vulnerability that has been found in our multi-function and single-function printers. The affected multi-function and single-function printer models are listed in the chart below.
As of now, there have been no confirmed cases of an attack using this vulnerability. However, to ensure that our customers can use our products securely, we ask customers to check whether their devices are listed in the chart and to upgrade the firmware or implement the workarounds described below.
Status of affected models and fixed firmware
Affected models | Status of fixed firmware |
---|---|
DocuCentre-VII C7773 / C6673 / C5573 / C4473 / C3373 / C3372 / C2273 | Released |
DocuCentre-VII C7788 / C6688 / C5588 | Released |
ApeosPort-VII C7773 / C6673 / C5573 / C4473 / C3373 / C3372 / C2273 | Released |
ApeosPort-VII C7788 / C6688 / C5588 | Released |
ApeosPort C7070 / C6570 / C5570 / C4570 / C3570 / C3070 / C7070G / C6570G / C5570G / C4570G / C3570G / C3070G | Released |
ApeosPort-VII C4421 / C3321 | Released |
ApeosPort C3060 / C2560 / C2060 / C3060G / C2560G / C2060G | Released |
ApeosPort-VII CP4421 | Released |
ApeosPort Print C5570 | Released |
ApeosPort 5570 / 4570 / 5570G / 4570G | Released |
ApeosPort 3560 / 3060 / 2560 / 3560G / 3060G / 2560G | Released |
ApeosPort-VII 5021 / 4021 | Released |
ApeosPort-VII P5021 | Released |
DocuPrint CP 555 d / 505 d | Released |
DocuPrint P505 d | Released |
PrimeLink C9065 / C9070 | Released |
DocuPrint CP475AP | Released |
DocuPrint P475AP | Released |
Detail of the vulnerability
Recently, a Denial of Service (DoS) vulnerability was found in our multi-function and single-function printers. Users with network access can send commands to selected FUJIFILM Business Innovation devices through an unsecured network, which can potentially make the machine stop with an error code.
However, this vulnerability was found to have no impact on the information stored on these devices.
The vulnerability only leads to productivity loss: when a system fault error (116-324) is displayed on the operational panel, the device needs to be turned off and on to recover.
Troubleshooting
The updated firmware is to be downloaded through the network using the remote maintenance service or to be applied by customer service engineers.
For customers who have set up auto-download of firmware under an EP-BB*1 maintenance contract, the device firmware will be upgraded in turn by the EP-BB feature after the release of the latest firmware. Other customers who don’t have an EP-BB maintenance contract should contact the “FUJIFILM Business Innovation customer support center” described at the end of the page.
- *1 Electronic Partnership Broad Band (EP-BB) enabling Smart Remote Service
Workarounds
To mitigate the potential risks from this vulnerability, we advise our customers to implement the following workarounds until the next firmware fix is released.
- Please make sure that your FUJIFILM Business Innovation multi-function printers or single-function printers on the network are protected by a firewall or similar measure.
- If external access from the internet is permitted, please consider permitting access from specific IP addresses only, or use a VPN to connect.
Related information
JVN#37607293 Fuji Xerox multifunction devices and printers vulnerable to denial-of-service (DoS)
Gratitude
We would like to express our gratitude to Mr. Masahiro Kawada from Ierae Security Inc. for finding the vulnerability.
Contact
Please visit your local FUJIFILM Business Innovation support website to find more details.
(e.g. https://www.fujifilm.com/fbsg/en/Contact)