Information of the security risks on Fuji Xerox multifunction and office printers

July 31, 2020
August 20 2020
September 7 2020
September 18 2020

Dear customers,

We sincerely thank you for your continued usage of our products.

Recently we have found that potential security risks may exist (Ripple20: CVE-2020-11896, etc.) for some of our multi-function and office printers (please refer to the list of the affected models as below). We recommend you update your respective models with latest firmware available for any potentially affected model. Please note, before you decide to install mentioned firmware in your environment, we will also encourage you to read through few of suggested workarounds below.

Affected products and release plan of fixed firmware

  • DocuPrint P375 d
  • DocuPrint P375 dw
  • DocuPrint M375 df
  • DocuPrint M375 z
  • DocuPrint P378 d
  • DocuPrint P378 dw
  • DocuPrint M378 d
  • DocuPrint M378 df
  • DocuPrint P285 dw
  • DocuPrint P288 dw
  • DocuPrint M285 z
  • DocuPrint M288 dw
  • DocuPrint M288 z
  • DocuPrint P235 d
  • DocuPrint M235 dw
  • DocuPrint M235 z
  • DocuPrint P275 dw
  • DocuPrint M275 z
  • DocuPrint P225 d
  • DocuPrint M225 dw
  • DocuPrint M225 z
  • DocuPrint P265 dw
  • DocuPrint M265 z
  • DocuPrint P268 d
  • DocuPrint P268 dw
  • DocuPrint M268 dw
  • DocuPrint M268 z
  • DocuPrint P115 w
  • DocuPrint P118 w
  • DocuPrint M115 w
  • DocuPrint M115 fw
  • DocuPrint M115 z
  • DocuPrint M118 w
  • DocuPrint M118 z

Proposed countermeasure

Latest Fuji Xerox firmware release is able to successfully provide with required protection against mentioned security risks.

Customers are requested to update their respective devices with this new firmware at the earliest. Please click here to download the latest copy of the firmware.

Assumed impact

In case of any malicious attempt, non-authorized personal may extract few tens of data bytes from these affected models connected to the network. We have already confirmed that customer information like print data cannot be extracted.

Workarounds

We would like to recommend our customers to apply the below workarounds until the new firmware is installed on your respective devices.

  • Please use our multi-function and office printers with the proper network security settings including protection by firewalls, etc.
  • Please make sure DNS servers with firewalls are applied.

Related information

Please refer to the below reference sites about details of the security risk in public.