Digital Transformation

Information of the security risks on Fuji Xerox multifunction and office printers

Information of the security risks on Fuji Xerox multifunction and office printers

July 31st, 2020

Dear customers,

We sincerely thank you for your continued usage of our products.

Recently we have found that potential security risks may exist (Ripple20: CVE-2020-11896, etc.) for some of our multi-function and office printers (please refer to the list of the affected models as below). We are in the process of preparing new firmware, and plan to release it as shown below.

Post this release, we recommend you update your respective models with this new firmware. Before mentioned firmware is released, we encourage you to please consider suggested workarounds, as explained below.

 

Affected products and release plan of fixed firmware

DocuPrint P375 d (Late August 2020)

DocuPrint P375 dw (Late August 2020)

DocuPrint M375 df (Late August 2020)

DocuPrint M375 z (Late August 2020)

DocuPrint P378 d (Late August 2020)

DocuPrint P378 dw (Late August 2020)

DocuPrint M378 d (Late August 2020)

DocuPrint M378 df (Late August 2020)

DocuPrint P285 dw (Mid September 2020)

DocuPrint P288 dw (Mid September 2020)

DocuPrint M285 z (Mid September 2020)

DocuPrint M288 dw (Mid September 2020)

DocuPrint M288 z (Mid September 2020)

DocuPrint P235 d (Mid September 2020)

DocuPrint M235 dw (Mid September 2020)

DocuPrint M235 z (Mid September 2020)

DocuPrint P275 dw (Mid September 2020)

・DocuPrint M275 z (Mid September 2020)

DocuPrint P225 d (Early September 2020)

DocuPrint M225 dw (Early September 2020)

DocuPrint M225 z (Early September 2020)

DocuPrint P265 dw (Early September 2020)

DocuPrint M265 z (Early September 2020)

DocuPrint P268 d (Early September 2020)

DocuPrint P268 dw (Early September 2020)

DocuPrint M268 dw (Early September 2020)

DocuPrint M268 z (Early September 2020)

DocuPrint P115 w (Early October 2020)

DocuPrint P118 w (Early October 2020)

DocuPrint M115 w (Early October 2020)

DocuPrint M115 fw (Early October 2020)

DocuPrint M115 z (Early October 2020)

DocuPrint M118 w (Early October 2020)

DocuPrint M118 z (Early October 2020)

 

Assumed impact

In case of any malicious attempt, non-authorized personal may extract few tens of data bytes from these affected models connected to the network. We have already confirmed that customer information like print data cannot be extracted.

 

Workarounds

We would like to recommend our customers to apply the below workarounds until the new firmware is released.

Please use our multi-function and office printers with the proper network security settings including protection by firewalls, etc.

Please make sure DNS servers with firewalls are applied.

 

Related information

Please refer to the below reference sites about details of the security risk in public.

  • CVE-2020-11896https://nvd.nist.gov/vuln/detail/CVE-2020-11896
  • CVE-2020-11898https://nvd.nist.gov/vuln/detail/CVE-2020-11898
  • CVE-2020-11900https://nvd.nist.gov/vuln/detail/CVE-2020-11900
  • CVE-2020-11901https://nvd.nist.gov/vuln/detail/CVE-2020-11901
  • CVE-2020-11902https://nvd.nist.gov/vuln/detail/CVE-2020-11902
  • CVE-2020-11903https://nvd.nist.gov/vuln/detail/CVE-2020-11903
  • CVE-2020-11906https://nvd.nist.gov/vuln/detail/CVE-2020-11906
  • CVE-2020-11907https://nvd.nist.gov/vuln/detail/CVE-2020-11907
  • CVE-2020-11908https://nvd.nist.gov/vuln/detail/CVE-2020-11908
  • CVE-2020-11909https://nvd.nist.gov/vuln/detail/CVE-2020-11909
  • CVE-2020-11910https://nvd.nist.gov/vuln/detail/CVE-2020-11910
  • CVE-2020-11911https://nvd.nist.gov/vuln/detail/CVE-2020-11911
  • CVE-2020-11912https://nvd.nist.gov/vuln/detail/CVE-2020-11912
  • CVE-2020-11913https://nvd.nist.gov/vuln/detail/CVE-2020-11913
  • CVE-2020-11914https://nvd.nist.gov/vuln/detail/CVE-2020-11914