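Response to the XSS vulnerability in "KYOCERA Command Center" that may expose it to cyberattacks
Technical News
Response to the XSS vulnerability in the copier/printer management tool "KYOCERA Command Center" that may expose it to cyberattacks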
2014-07-16
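An XSS vulnerability that could expose users to cyberattacks has been found on some models in "KYOCERA Command Center" (hereinafter "Command Center"), the management tool installed in our copiers and printers.
With this vulnerability, a user who is accessing Command Center may be attacked by a third party, and arbitrary script may be executed in the user's browser. However, the attack may be avoided by not connecting to other websites while accessing Command Center.
Affected models:
Black-and-white digital MFPs
·FS-6030MFP / 6025MFP
Color digital MFPs
·FS-C2126MFP+ / C2126MFP
·FS-C8025MFP / C8020MFP
Color laser printers
·FS-C5150DN / C5250DN
Firmware that fixes this vulnerability has been released. For details, please contact the dealer from which you purchased the product.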
Security Announcement ― Cross-Site Scripting (XSS) Vulnerability in KYOCERA Command Center on MFPs/Printers
July 16, 2014
Dear Customers,
A vulnerability was found in the KYOCERA Command Center* (hereinafter referred to as Command Center) installed in the MFPs and printers listed below.
*Note: KYOCERA Command Center refers to the web home page that is installed in the MFP/Printer from which you can verify the operating status of the machine and make settings related to security, network printing, e-mail transmission and advanced networking.
A malicious attacker could cause arbitrary scripting code to be executed on the client-side web browser while the user is accessing the Command Center.
The following products are affected:
B/W MFPs
·ECOSYS FS-6030MFP / 6025MFP
Color MFPs
·ECOSYS FS-C2626MFP / C2526MFP
·ECOSYS FS-C8025MFP / C8020MFP
Color Printers
·ECOSYS FS-C5150DN / C5250DN
A firmware update is available. Please contact your dealer for further information.