FUJIFILM Business Innovation

Notification about the vulnerability for address book protection in our multi-function printers

March 2, 2022
March 3, 2022
March 15, 2022
March 17, 2022

Dear Customers,

We would like to thank you for your continued support of Fujifilm (formerly Fuji Xerox) products.

A potential vulnerability caused by the cryptography used to protect the address book was found in some multi-function printers listed in the table below.

Using the device behind a firewall reduces the impact, but we recommend that customers check whether their multi-function printer appears in the list and is affected by this vulnerability.
If so, please consider upgrading the device to the fixed firmware described below.

As of now, no cases related to this vulnerability have been reported. Listed below are some measures that can be applied to your printer immediately to reduce the impact.

Affected models and the status of fixed firmware

The models listed below are affected by this vulnerability.
Firmware versions listed below DO NOT have this vulnerability.

Affected models | Fixed firmware version (as of March 1, 2022)
ApeosPort-IV 7080/6080/5080 | - *1
ApeosPort-IV 3065/3060/2060 | 1.160.5 or later
ApeosPort-IV 5070/4070/3070 | 1.140.5 or later
ApeosPort-IV C4430 | 1.772.4 or later
ApeosPort-IV C5570/C4470/C3370/C2270 | - *1
ApeosPort-IV C5575/C4475/C3375/C2275 | - *1
ApeosPort-IV C7780/C6680/C5580 | - *1
ApeosPort-V 4020 | 1.57.2 or later
ApeosPort-V 4070/5070 | 1.57.2 or later
ApeosPort-V C3320 | 1.57.2 or later
ApeosPort-V C5585/C6685/C7785 | 1.60.0 or later
ApeosPort-V C7775/C6675/C5575/C4475/C3375/C2275 | 1.57.2 or later
ApeosPort-V C7775/C6675/C5575/C4475/C3375/C3373/C2275 T2 | 2.60.0 or later
ApeosPort-V C7776/C6676/C5576/C4476/C3376/C2276 | 1.60.0 or later
ApeosPort-V C7780/C6680/C5580 | 1.57.2 or later
ApeosPort-V C7780/C6680/C5580 T2 | 2.60.0 or later
ApeosPort-VI C7771/C6671/C5571/C4471/C3371/C3370/C2271 | 1.60.4 or later
ApeosPort-VII C7773/C6673/C5573/C4473/C3373/C3372/C2273 | 1.60.5 or later
DocuCentre-IV 3060/2060 | 1.140.5 or later
DocuCentre-IV 5070/4070 | 1.140.5 or later
DocuCentre-IV 7080/6080/5080 | - *1
DocuCentre-IV C2260 | - *1
DocuCentre-IV C2263/C2265 | 1.57.2 or later
DocuCentre-IV C4430 | 1.772.4 or later
DocuCentre-IV C5570/C4470/C3370/C2270 | - *1
DocuCentre-IV C5575/C4475/C3375/C2275 | - *1
DocuCentre-IV C7780/C6680/C5580 | - *1
DocuCentre-V 1060/2060/3060 | 1.57.1 or later
DocuCentre-V 4070/5070 | 1.57.2 or later
DocuCentre-V 7080/6080/5080 | 1.57.2 or later
DocuCentre-V C2263/C2265 | 1.57.1 or later
DocuCentre-V C5585/C6685/C7785 | 1.60.0 or later
DocuCentre-V C7775/C6675/C5575/C4475/C3375/C2275 | 1.57.2 or later
DocuCentre-V C7775/C6675/C5575/C4475/C3375/C3373/C2275 T2 | 2.60.0 or later
DocuCentre-V C7776/C6676/C5576/C4476/C3376/C2276 | 1.60.0 or later
DocuCentre-V C7780/C6680/C5580 | 1.57.2 or later
DocuCentre-V C7780/C6680/C5580 T2 | 2.60.0 or later
DocuCentre-VI C7771/C6671/C5571/C4471/C3371/C3370/C2271 | 1.60.4 or later
DocuCentre-VII C7773/C6673/C5573/C4473/C3373/C3372/C2273 | 1.60.5 or later
DocuColor 1450 GA | 1.57.5 or later
DocuPrint M465 AP | 1.57.2 or later
DocuPrint CM415 AP | 1.57.2 or later
DocuPrint CM505da | 1.772.4 or later
Fuji Xerox Color C60 / Color C70 | 1.142.2 or later
Fuji Xerox Color C75 Press | 1.57.1 or later
Fuji Xerox D125/D110/D95 | 1.145.4 or later
Fuji Xerox D136 Copier/Printer | 1.57.1 or later
Fuji Xerox B9100/B9110/B9125/B9136 | 1.60.1 or later
Versant 170i Press/Versant 180i Press | 1.57.3 or later
Versant 80 Press/Versant 180 Press | 1.57.1 or later
  • *1 These product models are end of support, and updates may not be available.
    Please contact your account manager or customer support (https://support-fb.fujifilm.com/).
    Customers using these devices are strongly urged to apply the measures to reduce the impact (listed below).

Details of vulnerability

Administrators of the multi-function printers can export address books to comma-separated values (CSV) files. The vulnerability is that the cryptography used to protect the information in these CSV files is weak. If the cryptography is cracked, the credentials in the address books are exposed.

  • Note: Customers who do not use the address book export function are not at risk from this vulnerability.

Measures to reduce the impact

  • Please change your administrator password now, and create a strong password that cannot be easily guessed.
  • Please use your multi-function printers within a network protected by a firewall or similar.
  • If access from the Internet is permitted, please consider restricting access to specific IP addresses or using a VPN to connect.

Eliminating the Vulnerability

The latest firmware, which fixes the vulnerability, has been released.

For customers who have accepted the automatic firmware upgrade with the EP-BB maintenance contract, the firmware upgrade will be done by the EP-BB function after the release of the fixed firmware.

For other customers, please contact FUJIFILM Business Innovation via the support website at https://support-fb.fujifilm.com/

  • Caution: If you import address books (CSV files) that were exported from the same series of the model, please ensure that all exporting and importing devices are updated to the fixed firmware.
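
An added example (not FUJIFILM's code) that triages a device inventory against the fixed-firmware table above. Versions are compared field by field as integers, because a plain string comparison would rank 1.57.9 above 1.160.5. The table here is a subset of the advisory's rows; the hostnames, the installed versions and the assumption that each inventory record carries the exact table row text are constructed for illustration.

```python
# Subset of the advisory's table. None marks a "- *1" row (end of support,
# no fixed firmware listed).
FIXED_FIRMWARE = {
    "ApeosPort-IV 3065/3060/2060": "1.160.5",
    "ApeosPort-IV C4430": "1.772.4",
    "ApeosPort-IV C7780/C6680/C5580": None,
    "ApeosPort-V C7780/C6680/C5580": "1.57.2",
    "ApeosPort-V C7780/C6680/C5580 T2": "2.60.0",
    "DocuCentre-IV C2260": None,
    "DocuCentre-V 1060/2060/3060": "1.57.1",
}


def parse_version(text):
    """Turn '1.160.5' into (1, 160, 5) so each field compares numerically."""
    return tuple(int(part) for part in text.strip().split("."))


def triage(model, installed):
    """Return FIXED, VULNERABLE, NO_FIX_EOL or NOT_LISTED for one device."""
    if model not in FIXED_FIRMWARE:
        return "NOT_LISTED"
    fixed = FIXED_FIRMWARE[model]
    if fixed is None:
        return "NO_FIX_EOL"
    if parse_version(installed) >= parse_version(fixed):
        return "FIXED"
    return "VULNERABLE"


def hold_csv_exchange(inventory):
    """Devices not on fixed firmware: update before exchanging address book CSVs."""
    at_risk = ("VULNERABLE", "NO_FIX_EOL")
    return [name for name, model, fw in inventory if triage(model, fw) in at_risk]


# Constructed sample inventory: (hostname, table row, installed firmware).
INVENTORY = [
    ("mfp-floor1", "ApeosPort-IV 3065/3060/2060", "1.57.9"),
    ("mfp-floor2", "ApeosPort-IV 3065/3060/2060", "1.160.5"),
    ("mfp-lab", "ApeosPort-V C7780/C6680/C5580 T2", "1.57.2"),
    ("mfp-archive", "DocuCentre-IV C2260", "1.0.0"),
]

if __name__ == "__main__":
    for name, model, fw in INVENTORY:
        print(f"{name:12} {model:34} {fw:9} {triage(model, fw)}")
    print("hold CSV export/import on:", hold_csv_exchange(INVENTORY))
```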

Related information

Please refer to the reference sites below for publicly available details of the security risk.

Contact

Please visit your local FUJIFILM Business Innovation support website for more details.
https://support-fb.fujifilm.com/