Notification about the vulnerability for address book protection in our multi-function printers
March 2, 2022
March 3, 2022
March 15, 2022
March 17, 2022
Dear Customers,
We would like to thank you for your continuous support of Fujifilm (formerly Fuji Xerox) products.
A potential vulnerability caused by the cryptography used to protect the address book was found in some multi-function printers listed in the table below.
If the device is used behind a firewall, the impact would be reduced, but we recommend that customers check whether their multi-function printer appears in the list and is affected by this vulnerability.
If so, please consider upgrading the devices to the fixed firmware described below.
As of now, no cases involving this vulnerability have been reported. Listed below are some measures that can be applied to your printer immediately to reduce the impact.
Affected models and the status of fixed firmware
The models listed below are affected by this vulnerability.
Firmware versions listed below DO NOT have this vulnerability.
Affected models | Fixed firmware version (As of March 1 2022) |
---|---|
ApeosPort-IV 7080/6080/5080 | -*1 |
ApeosPort-IV 3065/3060/2060 | 1.160.5 Or later |
ApeosPort-IV 5070/4070/3070 | 1.140.5 Or later |
ApeosPort-IV C4430 | 1.772.4 Or later |
ApeosPort-IV C5570/C4470/C3370/C2270 | -*1 |
ApeosPort-IV C5575/C4475/C3375/C2275 | -*1 |
ApeosPort-IV C7780/C6680/C5580 | -*1 |
ApeosPort-V 4020 | 1.57.2 Or later |
ApeosPort-V 4070/5070 | 1.57.2 Or later |
ApeosPort-V C3320 | 1.57.2 Or later |
ApeosPort-V C5585/C6685/C7785 | 1.60.0 Or later |
ApeosPort-V C7775/C6675/C5575/C4475/C3375/C2275 | 1.57.2 Or later |
ApeosPort-V C7775/C6675/C5575/C4475/C3375/C3373/C2275 T2 | 2.60.0 Or later |
ApeosPort-V C7776/C6676/C5576/C4476/C3376/C2276 | 1.60.0 Or later |
ApeosPort-V C7780/C6680/C5580 | 1.57.2 Or later |
ApeosPort-V C7780/C6680/C5580 T2 | 2.60.0 Or later |
ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C3370/C2271 | 1.60.4 Or later |
ApeosPort-VII C7773/C6673/C5573/C4473/C3373/C3372/C2273 | 1.60.5 Or later |
DocuCentre-IV 3060/2060 | 1.140.5 Or later |
DocuCentre-IV 5070/4070 | 1.140.5 Or later |
DocuCentre-IV 7080/6080/5080 | -*1 |
DocuCentre-IV C2260 | -*1 |
DocuCentre-IV C2263/C2265 | 1.57.2 Or later |
DocuCentre-IV C4430 | 1.772.4 Or later |
DocuCentre-IV C5570/C4470/C3370/C2270 | -*1 |
DocuCentre-IV C5575/C4475/C3375/C2275 | -*1 |
DocuCentre-IV C7780/C6680/C5580 | -*1 |
DocuCentre-V 1060/2060/3060 | 1.57.1 Or later |
DocuCentre-V 4070/5070 | 1.57.2 Or later |
DocuCentre-V 7080/6080/5080 | 1.57.2 Or later |
DocuCentre-V C2263/C2265 | 1.57.1 Or later |
DocuCentre-V C5585/C6685/C7785 | 1.60.0 Or later |
DocuCentre-V C7775/C6675/C5575/C4475/C3375/C2275 | 1.57.2 Or later |
DocuCentre-V C7775/C6675/C5575/C4475/C3375/C3373/C2275 T2 | 2.60.0 Or later |
DocuCentre-V C7776/C6676/C5576/C4476/C3376/C2276 | 1.60.0 Or later |
DocuCentre-V C7780/C6680/C5580 | 1.57.2 Or later |
DocuCentre-V C7780/C6680/C5580 T2 | 2.60.0 Or later |
DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C3370/C2271 | 1.60.4 Or later |
DocuCentre-VII C7773/C6673/C5573/C4473/C3373/C3372/C2273 | 1.60.5 Or later |
DocuColor 1450 GA | 1.57.5 Or later |
DocuPrint M465 AP | 1.57.2 Or later |
DocuPrint CM415 AP | 1.57.2 Or later |
DocuPrint CM505da | 1.772.4 Or later |
Fuji Xerox Color C60 / Color C70 | 1.142.2 Or later |
Fuji Xerox Color C75 Press | 1.57.1 Or later |
Fuji Xerox D125/D110/D95 | 1.145.4 Or later |
Fuji Xerox D136 Copier/Printer | 1.57.1 Or later |
Fuji Xerox B9100/B9110/B9125/B9136 | 1.60.1 Or later |
Versant 170i Press/Versant 180i Press | 1.57.3 Or later |
Versant 80 Press/Versant 180 Press | 1.57.1 Or later |
- *1 These product models have reached end of support, and updates may not be available.
Please contact your account manager or customer support (https://support-fb.fujifilm.com/).
Customers using these devices are strongly urged to apply the measures to reduce the impact (listed below).
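One way to run the check recommended above across a fleet, as an added example (not FUJIFILM code). It uses a constructed subset of the table and a constructed inventory, and assumes that firmware versions are dotted integers compared component by component and that the device reports the same version string the table uses.

```python
# Added example (not vendor code): audit an inventory against the advisory table.
# Assumption: versions are dotted integers compared component by component.

# Subset of the advisory table; None marks the "*1" end-of-support rows.
FIXED_ROWS = {
    "ApeosPort-IV C7780/C6680/C5580": None,
    "ApeosPort-V C7780/C6680/C5580": "1.57.2",
    "ApeosPort-V C7780/C6680/C5580 T2": "2.60.0",
    "DocuCentre-V C2263/C2265": "1.57.1",
    "DocuPrint CM415 AP": "1.57.2",
}

def expand_row(row):
    """Split a slash-grouped row into individual model names, keeping a T2 suffix."""
    family, rest = row.split(" ", 1)
    suffix = " T2" if rest.endswith(" T2") else ""
    rest = rest[: len(rest) - len(suffix)]
    return [f"{family} {model}{suffix}" for model in rest.split("/")]

MODEL_FIX = {m: fix for row, fix in FIXED_ROWS.items() for m in expand_row(row)}

def parse_version(text):
    """'1.140.5' -> (1, 140, 5); raises ValueError on anything else."""
    return tuple(int(part) for part in text.strip().split("."))

def assess(model, installed):
    if model not in MODEL_FIX:
        return "not-listed"
    fixed = MODEL_FIX[model]
    if fixed is None:
        return "end-of-support"      # no fixed firmware: apply the mitigations
    try:
        current = parse_version(installed)
    except ValueError:
        return "unknown-version"     # confirm on the device before trusting it
    return "fixed" if current >= parse_version(fixed) else "needs-update"

# Constructed inventory: (hostname, model, installed firmware).
INVENTORY = [
    ("mfp-01", "ApeosPort-V C6680", "1.57.1"),
    ("mfp-02", "ApeosPort-V C6680 T2", "2.60.0"),
    ("mfp-03", "ApeosPort-IV C7780", "1.200.0"),
    ("mfp-04", "DocuPrint CM415 AP", "1.140.0"),
    ("mfp-05", "DocuCentre-V C2265", "n/a"),
]

def audit(inventory):
    return [(host, assess(model, version)) for host, model, version in inventory]
```

The mfp-04 row shows why the comparison is numeric: as plain strings, "1.140.0" sorts before "1.57.2" and the device would be flagged incorrectly.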
Details of vulnerability
The administrators of the multi-function printers can export address books into comma-separated values (CSV) files. These CSV files are vulnerable because the cryptography used to protect the information in them is weak. When the cryptography is cracked, the credentials in the address books are exposed.
- Note: Customers who do not use the address book export function are not at risk from this vulnerability.
Measures to reduce the impact
- Please change your administrator password now and create a strong password that cannot be easily guessed.
- Please use your multi-function printers within a network protected by a firewall, etc.
- If access from the Internet is permitted, please consider restricting access to specific IP addresses only, or using a VPN to connect.
Eliminating the Vulnerability
The latest firmware that fixes the vulnerability has been released.
For customers who have accepted the automatic firmware upgrade with the EP-BB maintenance contract, the firmware upgrade will be done by the EP-BB function after the release of the fixed firmware.
For other customers, please contact FUJIFILM Business Innovation via the support website at https://support-fb.fujifilm.com/
- Caution: If you import address books (CSV files) that were exported from a model of the same series, please ensure that all exporting and importing devices are updated to the fixed firmware.
Related information
Please refer to the reference sites below for publicly available details of the security risk.
Contact
Please visit your local FUJIFILM Business Innovation support website for more details.
https://support-fb.fujifilm.com/