Announcement about Denial of Service (DoS) vulnerability for our multi-function printers and single-function printers
March 19, 2021
To our customers,
We sincerely thank you for your continued support of our products.
We would like to inform you about a potential risk coming from Denial of Service (DoS) vulnerability that has been found on our multi-function and single-function printers. The affected multi-function and single-function printers’ models are listed in the chart below.
As of now, there have been no confirmed cases of the occurrence of the attack using the vulnerability. However, in order to ensure that our customers can use our products securely, we would like our customers to confirm if the customers’ devices are listed in the chart and upgrade firmware or implement the workaround that are described in below.
Status of affected models and fixed firmware
|Affected models||Status of fixed firmware|
|DocuCentre-VII C7773 / C6673 / C5573 / C4473 / C3373 / C3372 / C2273||Released|
|DocuCentre-VII C7788 / C6688 / C5588||Released|
|ApeosPort-VII C7773 / C6673 / C5573 / C4473 / C3373 / C3372 C2273||Released|
|ApeosPort-VII C7788 / C6688 / C5588||Released|
|ApeosPort C7070 / C6570 / C5570 / C4570 / C3570 / C3070 / C7070G / C6570G / C5570G / C4570G / C3570G / C3070G||Released|
|ApeosPort-VII C4421 / C3321||Plan to release on late April|
|ApeosPort C3060 / C2560 / C2060 / C3060G / C2560G / C2060G||Plan to release on late April|
|ApeosPort-VII CP4421||Plan to release on late April|
|ApeosPort Print C5570||Plan to release on late April|
|ApeosPort 5570 / 4570 / 5570G / 4570G||Plan to release on late April|
|ApeosPort 3560 / 3060 / 2560 / 3560G / 3060G / 2560G||Plan to release on late April|
|ApeosPort-VII 5021/ 4021||Plan to release on late April|
|ApeosPort-VII P5021||Plan to release on late April|
|DocuPrint CP 555 d / 505 d||Plan to release on early May|
|DocuPrint P505 d||Plan to release on early May|
|PrimeLink C9065/C9070||Plan to release on late April|
|DocuPrint CP475AP||Plan to release on late April|
|DocuPrint P475AP||Plan to release on late April|
Detail of the vulnerability
Recently a Denial of Service (DoS) vulnerability was found on our multi-function and single-function printers, according to which, users with network access can sending commands to selected FUJIFILM Business Innovation devices through an unsecured network which can potentially make the machine stop with error code.
However, this vulnerability was found to have no impact on the information stored on these devices.
Vulnerability is simply leading to productivity loss by means of device needs to be turned off and on (to recover), when a system fault error (116-324) is displayed on the operational panel.
The updated firmware is to be downloaded through the network using the remote maintenance service or to be applied by customer service engineers.
For customers who setup auto-download of firmware by EP-BB* 1 maintenance contract, the device firmware will be serially upgraded by EP-BB feature after the release of latest firmware. For other customers who don’t have an EP-BB maintenance contract, please contact “FUJIFILM Business Innovation customer support center” described at the end of the page.
- * 1 Electronic Partnership Broad Band (EP-BB) enabling Smart Remote Service
In order to mitigate the potential risks from this vulnerability, we would advise our customers to implement following workarounds until next firmware fix is released.
- Please see, your FUJIFILM Business Innovation multi-function printers or single-function printers on the network are protected by the firewall etc.
- If external access from internet is permitted, then please consider permitting the access to specific IP address only or use VPN to connect.
We would like to express gratitude to Mr. Masahiro Kawada from Ierae Security Inc. for the finding of the vulnerability.
Please visit local FUJIFILM Business Innovation support website to find for more details.