Notification on the vulnerability for CentreWare Internet Services or Internet Services in FUJIFILM printers

March 6th, 2024

Dear Customers,

Thank you for your continued support of FUJIFILM products.

We regret to inform you that a potential vulnerability was found in CentreWare Internet Services or Internet Services in the FUJIFILM printers listed in the table below.

We recommend that customers check whether their printer is on the list and affected by this vulnerability. If so, please consider performing the workarounds described below.

Affected products

The models listed below are affected by this vulnerability.

The “Service name” column shows the name of services used in each product.

| Product name | Affected firmware versions | Service name |
|---|---|---|
| DocuPrint P455 d | Any version | CentreWare Internet Services |
| DocuPrint M455 df | Any version | CentreWare Internet Services |
| DocuPrint C2255 | Any version | CentreWare Internet Services |
| DocuCentre-IV C2260 | Any version | CentreWare Internet Services |
| DocuCentre-IV C2270 | Any version | CentreWare Internet Services |
| DocuCentre-IV C3370 | Any version | CentreWare Internet Services |
| DocuCentre-IV C4470 | Any version | CentreWare Internet Services |
| DocuCentre-IV C5570 | Any version | CentreWare Internet Services |
| ApeosPort-IV C2270 | Any version | CentreWare Internet Services |
| ApeosPort-IV C3370 | Any version | CentreWare Internet Services |
| ApeosPort-IV C4470 | Any version | CentreWare Internet Services |
| ApeosPort-IV C5570 | Any version | CentreWare Internet Services |
| ApeosPort-IV C2270 R | Any version | CentreWare Internet Services |
| ApeosPort-IV C3370 R | Any version | CentreWare Internet Services |
| ApeosPort-IV C4470 R | Any version | CentreWare Internet Services |
| ApeosPort-IV C5570 R | Any version | CentreWare Internet Services |
| ApeosWide 6050/3030 | Any version | Internet Services |
| DocuWide 6057/3037 | Any version | CentreWare Internet Services |
| DocuWide 6055 | Any version | CentreWare Internet Services |
| DocuWide 3035 | Any version | CentreWare Internet Services |

Details of vulnerability

CentreWare Internet Services or Internet Services is embedded in the above models and makes it possible to operate the devices or change their configuration via a web browser. CentreWare Internet Services is vulnerable to an attack called Cross-Site Request Forgery.

Cross-Site Request Forgery (CSRF) is an attack that forces a user to execute unwanted actions on a web application in which they are currently authenticated. With the CentreWare Internet Services or Internet Services, an attacker exploiting the vulnerability may be able to view or change settings and information stored in the device.

Workarounds

We ask customers to perform the following procedure to disable the services and so avoid attacks against the vulnerability.

Please select one of the two procedures according to the service name shown in the “Service name” column of the Affected products table above.

How to disable the CentreWare Internet Services

The following describes the configuration procedure for disabling CentreWare Internet Services on the machine.

  1. Log in as the system administrator
    1. Display the [Tools] screen
    2. Press the button
    3. Enter the system administrator’s user ID with numeric keypad or the keyboard displayed on the screen, and select [Enter].
      When a passcode is required, select [Next] and enter the system administrator’s passcode, then select [Enter].
    4. Select [Tools] on the [Services Home] screen.
    5. Select [System Settings].
  2. Disable the Internet Services (HTTP) port on the machine.
    1. Select [Connectivity & Network Setup].
    2. Select [Port Settings].
    3. Select [Internet Services (HTTP)], and then select [Change Settings].
    4. Select [Port Status], and then select [Change Settings].
    5. Select [Disabled], and then select [Save].
    6. Select [Close] repeatedly until the [Tools] screen is displayed

How to disable the Internet Services

The following describes the configuration procedure for disabling Internet Services on the machine.

  1. Log in as the system administrator
    1. Tap the user details display area on the upper left of the screen.
    2. Using the numeric keypad or the displayed keyboard, enter the system administrator's user ID, and tap [Enter].
    3. Tap [Tools] on the Home screen.
  2. Disable the Internet Services (HTTP) port on the machine
    1. Select [Connectivity & Network Setup]
    2. Select [Port Settings], and then select [Change Settings].
    3. Select [Port Status], and then select [Change Settings].
    4. Select [Disabled], and then select [Save].
    5. Select [Close] repeatedly until the [Tools] screen is displayed

The security tips below can further help customers reduce the risk of potential attacks.

  • Please use your multi-function or single-function printers within a network protected by a firewall or similar.
  • If access from the Internet is permitted, please consider allowing access from restricted IP addresses only, or use a VPN to connect.
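
To confirm that the workaround has been applied across a fleet, the following added example (not FUJIFILM's code) matches an inventory against the affected-products table and reports affected printers whose web interface still accepts TCP connections, together with the service whose procedure applies. The `(host, model)` inventory format, ports 80 and 443, and reading a row such as "DocuWide 6057/3037" as two model numbers are assumptions, not details from this notification.

```python
import socket

# Affected models and service names, copied from the advisory's table.
CWIS, IS = "CentreWare Internet Services", "Internet Services"
AFFECTED = {m: CWIS for m in (
    "DocuPrint P455 d", "DocuPrint M455 df", "DocuPrint C2255",
    "DocuCentre-IV C2260", "DocuCentre-IV C2270", "DocuCentre-IV C3370",
    "DocuCentre-IV C4470", "DocuCentre-IV C5570", "ApeosPort-IV C2270",
    "ApeosPort-IV C3370", "ApeosPort-IV C4470", "ApeosPort-IV C5570",
    "ApeosPort-IV C2270 R", "ApeosPort-IV C3370 R", "ApeosPort-IV C4470 R",
    "ApeosPort-IV C5570 R", "DocuWide 6057/3037", "DocuWide 6055",
    "DocuWide 3035")}
AFFECTED["ApeosWide 6050/3030"] = IS
# Assumption: 80/443 are conventional web ports; the advisory gives no number.
ASSUMED_WEB_PORTS = (80, 443)

def _norm(name):
    """Case-fold and drop whitespace so inventory spellings compare equal."""
    return "".join(name.lower().split())

def service_for(model):
    """Return the advisory's service name for an inventory model, or None."""
    for listed, service in AFFECTED.items():
        prefix, _, tail = listed.rpartition(" ")
        # Assumption: a row like 'DocuWide 6057/3037' covers both numbers.
        names = [listed] + [f"{prefix} {n}" for n in tail.split("/")]
        if _norm(model) in map(_norm, names):
            return service
    return None

def port_open(host, port, timeout=2.0):
    """True if host:port accepts a TCP connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(inventory, ports=ASSUMED_WEB_PORTS, probe=port_open):
    """List affected printers whose web interface still accepts connections."""
    findings = []
    for host, model in inventory:
        service = service_for(model)
        if service is None:
            continue  # model is not in the advisory's table
        still_open = [p for p in ports if probe(host, p)]
        if still_open:
            findings.append((host, model, service, still_open))
    return findings
```

An empty result from `audit` means no affected printer in the inventory answered on the probed ports from the machine running the check; a device reachable only from another network segment needs the check run from there.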

Related Information

CVE-2024-27974

Acknowledgement

We would like to express our gratitude to Junnosuke Kushibiki, Ryu Kuki, Masataka Mizokuchi, Takayuki Sasaki, and Katsunari Yoshioka of Yokohama National University for finding the vulnerability.

Contact

Please visit the FUJIFILM Business Innovation support website for more details:

https://support-fb.fujifilm.com/