FUJIFILM Business Innovation

Announcement about Denial of Service (DoS) vulnerability for our multi-function printers and single-function printers

March 19, 2021

To our customers,

We sincerely thank you for your continued support of our products.

We would like to inform you about a potential risk coming from Denial of Service (DoS) vulnerability that has been found on our multi-function and single-function printers. The affected multi-function and single-function printers’ models are listed in the chart below.

As of now, there have been no confirmed cases of the occurrence of the attack using the vulnerability. However, in order to ensure that our customers can use our products securely, we would like our customers to confirm if the customers’ devices are listed in the chart and upgrade firmware or implement the workaround that are described in below.

Status of affected models and fixed firmware

Affected models Status of fixed firmware
DocuCentre-VII C7773 / C6673 / C5573 / C4473 / C3373 / C3372 / C2273 Released
DocuCentre-VII C7788 / C6688 / C5588 Released
ApeosPort-VII C7773 / C6673 / C5573 / C4473 / C3373 / C3372 C2273 Released
ApeosPort-VII C7788 / C6688 / C5588 Released
ApeosPort C7070 / C6570 / C5570 / C4570 / C3570 / C3070 / C7070G / C6570G / C5570G / C4570G / C3570G / C3070G Released
ApeosPort-VII C4421 / C3321 Plan to release on late April
ApeosPort C3060 / C2560 / C2060 / C3060G / C2560G / C2060G Plan to release on late April
ApeosPort-VII CP4421 Plan to release on late April
ApeosPort Print C5570 Plan to release on late April
ApeosPort 5570 / 4570 / 5570G / 4570G Plan to release on late April
ApeosPort 3560 / 3060 / 2560 / 3560G / 3060G / 2560G Plan to release on late April
ApeosPort-VII 5021/ 4021 Plan to release on late April
ApeosPort-VII P5021 Plan to release on late April
DocuPrint CP 555 d / 505 d Plan to release on early May
DocuPrint P505 d Plan to release on early May
PrimeLink C9065/C9070 Plan to release on late April
DocuPrint CP475AP Plan to release on late April
DocuPrint P475AP Plan to release on late April

Detail of the vulnerability

Recently a Denial of Service (DoS) vulnerability was found on our multi-function and single-function printers, according to which, users with network access can sending commands to selected FUJIFILM Business Innovation devices through an unsecured network which can potentially make the machine stop with error code.
However, this vulnerability was found to have no impact on the information stored on these devices.
Vulnerability is simply leading to productivity loss by means of device needs to be turned off and on (to recover), when a system fault error (116-324) is displayed on the operational panel.

Troubleshooting

The updated firmware is to be downloaded through the network using the remote maintenance service or to be applied by customer service engineers.
For customers who setup auto-download of firmware by EP-BB* 1 maintenance contract, the device firmware will be serially upgraded by EP-BB feature after the release of latest firmware. For other customers who don’t have an EP-BB maintenance contract, please contact “FUJIFILM Business Innovation customer support center” described at the end of the page.

  • * 1 Electronic Partnership Broad Band (EP-BB) enabling Smart Remote Service

Workarounds

In order to mitigate the potential risks from this vulnerability, we would advise our customers to implement following workarounds until next firmware fix is released.

  • Please see, your FUJIFILM Business Innovation multi-function printers or single-function printers on the network are protected by the firewall etc.
  • If external access from internet is permitted, then please consider permitting the access to specific IP address only or use VPN to connect.

Related information

JVN#37607293  FUJIFILM Business Innovation multifunction devices and printers vulnerable to denial-of-service (DoS)

Gratitude

We would like to express gratitude to Mr. Masahiro Kawada from Ierae Security Inc. for the finding of the vulnerability.

Contact

Please visit local FUJIFILM Business Innovation support website to find for more details.
(e.g. https://www.fujixerox.com.sg/en/Contact)