Information Critical Security Vulnerability

Log4J

Log4J – 2nd update

Langenhagen, Germany, 17 December 2021

This is an update to the communication we issued a few days ago about a critical vulnerability with the highest risk rating affecting certain applications and services. Details can be found further down this page.

We are working with the highest priority and speed on evaluating which of the applications we offer are affected.

So far, we have checked the status of the following software and services and can confirm that they are not affected by the vulnerability:

  • bizhub Evolution
  • CSRC
  • Remote Service Platform (RSP)
  • Konica Minolta Remote Support (KMRS)
  • AccurioPro Flux, Dispatcher Phoenix
  • FleetRMM
  • dokoni Find
  • dokoni Sync&Share
  • M-Files
  • eCopy PDF Pro Office
  • OL Connect
  • BENS PP spool
  • BENS Server
  • Document Navigator
  • Site Audit
  • Direct Smile/MDxM (Market Direct Cross Media)
  • Power PDF
  • PageScope Enterprise Suite (PSES)
  • PrintFleet
  • Remote Deployment Tool (RDT)
  • EveryonePrint (Mobile Print)
  • EveryonePrint Hybrid Cloud Platform (HCP)
  • convert+share
  • Pcounter
  • bizhub Remote Panel (Remote Panel Server)
  • Box Operator
  • Data Administrator
  • HDD BackUp Utility
  • HDD TWAIN Driver
  • IWS Deployment Tool
  • License Install Utility
  • Log Management Utility
  • Panel Customize Tool
  • Print Status Notifier
  • Real Time Mode TWAIN Driver
  • Tools for LK-114
  • IJ Manager, JobCentro
  • ColorCentro
  • AccurioPro Variable Data (Plugin for Indesign)
  • Colibri, SpectraMagic DX
  • SpectraMagic NX
  • PaperManager
  • Easy Checker 2007
  • bizhub ECO Treedom
  • Assistant App
  • Browser registration tool
  • Connector for SMB
  • Connector for FTP
  • Connector for WebDAV
  • Scan to Servers (WPH)
  • IWS generation two
  • Primera Retail App
  • Boot screen converter
  • SECURE Notifier Widget
  • Widgets in general – IT 6 and IWS GEN 2
  • OP Products

Regarding hardware, Konica Minolta’s own MFPs are not affected. For PP products, the EFI Fiery controller and the Creo controller are not affected. Bens G4 and USB card reader / Authentication device hardware are not affected either.

The status of software and services that are not on the list is still under evaluation. 

As the security of our devices, applications and services is of the highest concern, we are working on resolving the topic with the highest priority and speed and will keep posting updates on the missing software/services as fast as possible.



 

Log4J - 1st Update


Langenhagen, Germany, 13 December 2021

Konica Minolta has been made aware of a critical vulnerability with the highest risk rating affecting certain applications and services.

The threat is a remote code execution vulnerability (CVE-2021-44228) affecting all service providers that use the Java library Log4J (all 2.x versions before version 2.15.0). If exploited, this vulnerability allows remote code execution on vulnerable servers, giving an attacker the ability to import malware that allows them to take control of targeted systems.

As this is still at an early stage, we do not yet have a list of affected applications/offerings from Konica Minolta for you. We are currently evaluating which versions of which offered applications are affected and, if so, how to remedy the vulnerability.

Regarding our internal systems, we proactively disconnected all 590 internet-facing systems from the internet on Sunday, 2 pm CET, to protect customer data and services. After a thorough investigation, we were able to patch and verify most of the systems, and these were reconnected to the internet on Sunday, 11 pm CET. The remaining systems will be reconnected to the internet once we have ensured that they are not vulnerable.

For Konica Minolta, the security of our devices, applications and services is of the highest concern. We are working on resolving the topic with the highest priority and speed and will provide regular updates.