Announcement about a Denial of Service (DoS) vulnerability in our multi-function printers and single-function printers

March 19, 2021
April 27, 2021
June 22, 2021

To our customers,

We sincerely thank you for your continued support of our products.

We would like to inform you about a potential risk from a Denial of Service (DoS) vulnerability that has been found in our multi-function and single-function printers. The affected models are listed in the chart below.

As of now, there have been no confirmed cases of an attack using this vulnerability. However, to ensure that our customers can use our products securely, we ask customers to check whether their devices are listed in the chart and to upgrade the firmware or implement the workarounds described below.

Status of affected models and fixed firmware

| Affected models | Status of fixed firmware |
|---|---|
| DocuCentre-VII C7773 / C6673 / C5573 / C4473 / C3373 / C3372 / C2273 | Released |
| DocuCentre-VII C7788 / C6688 / C5588 | Released |
| ApeosPort-VII C7773 / C6673 / C5573 / C4473 / C3373 / C3372 / C2273 | Released |
| ApeosPort-VII C7788 / C6688 / C5588 | Released |
| ApeosPort C7070 / C6570 / C5570 / C4570 / C3570 / C3070 / C7070G / C6570G / C5570G / C4570G / C3570G / C3070G | Released |
| ApeosPort-VII C4421 / C3321 | Released |
| ApeosPort C3060 / C2560 / C2060 / C3060G / C2560G / C2060G | Released |
| ApeosPort-VII CP4421 | Released |
| ApeosPort Print C5570 | Released |
| ApeosPort 5570 / 4570 / 5570G / 4570G | Released |
| ApeosPort 3560 / 3060 / 2560 / 3560G / 3060G / 2560G | Released |
| ApeosPort-VII 5021 / 4021 | Released |
| ApeosPort-VII P5021 | Released |
| DocuPrint CP 555 d / 505 d | Released |
| DocuPrint P505 d | Released |
| PrimeLink C9065 / C9070 | Released |
| DocuPrint CP475AP | Released |
| DocuPrint P475AP | Released |

Detail of the vulnerability

Recently a Denial of Service (DoS) vulnerability was found in our multi-function and single-function printers. Users with network access can send commands to selected FUJIFILM Business Innovation devices through an unsecured network, which can potentially make the machine stop with an error code.
However, this vulnerability was found to have no impact on the information stored on these devices.
The vulnerability leads only to productivity loss: when a system fault error (116-324) is displayed on the operational panel, the device needs to be turned off and on to recover.

Troubleshooting

The updated firmware is to be downloaded through the network using the remote maintenance service, or applied by customer service engineers.
For customers who have set up auto-download of firmware under an EP-BB*1 maintenance contract, the device firmware will be upgraded in sequence by the EP-BB feature after the release of the latest firmware. Customers who don’t have an EP-BB maintenance contract should contact the “FUJIFILM Business Innovation customer support center” described at the end of the page.

  • *1 Electronic Partnership Broad Band (EP-BB) enabling Smart Remote Service

Workarounds

To mitigate the potential risks from this vulnerability, we advise our customers to implement the following workarounds until the next firmware fix is released.

  • Please make sure that your FUJIFILM Business Innovation multi-function printers or single-function printers on the network are protected by a firewall or similar measures.
  • If external access from the internet is permitted, please consider permitting access to specific IP addresses only, or use a VPN to connect.

Related information

JVN#37607293: Fuji Xerox multifunction devices and printers vulnerable to denial-of-service (DoS)

Gratitude

We would like to express our gratitude to Mr. Masahiro Kawada from Ierae Security Inc. for finding the vulnerability.

Contact

Please visit your local FUJIFILM Business Innovation support website for more details.
(e.g. https://www.fujifilm.com/fbsg/en/Contact)