Thread: Security vulnerabilities in 412 version

  1. #1
    Join Date
    Aug 2016
    Posts
    6

    Security vulnerabilities in 412 version

    We recently updated to the version 412 firmware or version of the E10 Fiery. Since then our vulnerability scans are now seeing over 150 vulnerabilities on the device. Most are related to the PHP version used for the web code, the Apache version used, and many are related to the OpenSSL version on the system. Would also like to disable vulnerable SSL protocols like SSL v3 and require TLS 1.2, but don't see options to do this. I have attached the vulnerability list to this post.

    Also when the scans run, the scanning tests the shares the Fiery sets up and places a file on the Fiery open share. This causes a job to print that wastes about 30 pages of garbled content since it is not printer format. I don't need to allow people to upload a file to the Fiery or do any print shop type of management of the jobs; people just print via Windows printing share, so how can I properly disable the ability to drop a file into an FTP/share on the Fiery itself? I have tried disabling just about every print function minus the LPD and Port 9100 and it still happens every time a scan is run.

    Where can I find the latest update?
    I tried to use the "Check for product update" link to see if there are fixes released, but that fails connecting to updates.efi.com. And we did verify it is not being blocked by firewall or IDS. I tried outside our network and that fails to find that site as well. (412 update was given to us by vendor but they can't seem to figure out either how to secure this system.) Is there an easy place to find the updates on the EFI site? I am used to finding a Firmware download section, but am not seeing that on the site.

    In these days of massive hacking and security sensitivity, it would be nice if EFI started with a "secure from the start" methodology and then have people have to open the functions they require, rather than having the system be open by default and have to close all the open holes.

    I know EFI is not responsible for holes in Apache and PHP directly, but when they chose to package them in their product, they should have regular plans to release security updates to match their platform components' fixes.

  2. #2
    Join Date
    May 2009
    Location
    Minneapolis, MN
    Posts
    729

    What is Fiery model name and what printer brand/model is it connected to?

    ("E-10" could be a number of various Fiery models)

    To better specify exactly what you have:

    In Command WorkStation, go to Device Center / General / General Info. What does the string just below "General Info" show?

  3. #3
    Join Date
    Aug 2016
    Posts
    6

    Konica Minolta Bizhub 552. I'm not sure what Command WorkStation is - I just go to the web interface that uses Java to do the administration via the Fiery IP address.

    Quote Originally Posted by Scott_W View Post
    What is Fiery model name and what printer brand/model is it connected to?

    ("E-10" could be a number of various Fiery models)

    To better specify exactly what you have:

    In Command WorkStation, go to Device Center / General / General Info. What does the string just below "General Info" show?

  4. #4
    Join Date
    May 2009
    Location
    Minneapolis, MN
    Posts
    729

    OK. Go to that same web page and make sure you are on "Home" tab. Under picture of copier, you should see "1.1"
    If you see "1.0", have your KM dealer upgrade your KM IC-412 Fiery controller to "1.1"

    Then....to tackle your security concerns with that Fiery, have the dealer install the following patches, in this order, one at a time (reboot between each):
    1-14GPV4
    1-153Y89
    1-1BJIRQ
    FIT100698425
    FIT213970
    FIT100799778
    FIT195722

  5. #5
    Join Date
    Aug 2016
    Posts
    6

    I tried to install the first one 1-14GPV4.exe and it says it is already installed. It also shows that all of the ones you listed except FIT100799778 are already installed on top of version 1.1. The dealer must have done them when he installed version 1.1

    Do I have to go through the dealer to get that one I am missing?

    Thank you

  6. #6
    Join Date
    May 2009
    Location
    Minneapolis, MN
    Posts
    729

    That remaining patch is not security critical - it just fixes how installed patches are listed on Configuration page. Don't worry now about it.

    I wanted to make sure your IC-412 was fully patched, security-wise. It now is.

    So if a current security scan shows vulnerabilities with your Fiery as it is now, then it is possible a fix may be created by patch. But you must escalate this request, via your dealer, through KM Support. They in turn, may escalate formally to EFI.

    Keep in mind this Fiery model is quite old. There comes a time with every product when support ends and no more fixes are released for it.
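
An added example, not part of any post in this thread and not EFI or Konica Minolta code: one way to re-check, after patching, which of the protocol versions raised in the first post (SSL v3 through TLS 1.2) the controller's web port still accepts. The port 443 default, the cipher list and the two sample replies are assumptions constructed for illustration.

```python
import os
import socket
import struct
import sys

# Wire codes for the protocol versions named in the first post.
VERSIONS = {"SSLv3": 0x0300, "TLSv1.0": 0x0301, "TLSv1.1": 0x0302, "TLSv1.2": 0x0303}
# Assumed cipher list: common RSA and ECDHE suites so old and new stacks both find a match.
CIPHERS = [0x002F, 0x0035, 0x000A, 0x0005, 0xC013, 0xC014, 0xC02F, 0x009C]
# Constructed sample replies (first bytes only): a ServerHello choosing SSLv3, and a fatal alert.
SAMPLE_HELLO_SSL3 = bytes.fromhex("160300002a020000260300")
SAMPLE_ALERT = bytes.fromhex("15030100020228")

def client_hello(version):
    """Minimal ClientHello (no extensions) whose highest offered version is `version`."""
    suites = struct.pack("!%dH" % len(CIPHERS), *CIPHERS)
    body = struct.pack("!H", version) + os.urandom(32) + b"\x00"   # version, random, empty session id
    body += struct.pack("!H", len(suites)) + suites + b"\x01\x00"  # suites, null compression
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body      # type 1 = ClientHello
    return b"\x16" + struct.pack("!HH", min(version, 0x0301), len(handshake)) + handshake

def classify(offered, reply):
    """True only if the reply is a ServerHello that selects exactly the offered version."""
    if len(reply) >= 11 and reply[0] == 0x16 and reply[5] == 0x02:
        return struct.unpack("!H", reply[9:11])[0] == offered
    return False  # alert record (0x15), closed connection, or non-TLS data

def probe(host, port=443, timeout=5.0):
    """Offer each version on its own connection; return {name: accepted}."""
    results = {}
    for name, version in VERSIONS.items():
        reply = b""
        try:
            with socket.create_connection((host, port), timeout=timeout) as sock:
                sock.sendall(client_hello(version))
                while len(reply) < 11:
                    chunk = sock.recv(11 - len(reply))
                    if not chunk:
                        break
                    reply += chunk
        except OSError:
            pass  # refused, reset or timed out: treated as not accepted
        results[name] = classify(version, reply)
    return results

if __name__ == "__main__":
    if len(sys.argv) > 1:   # usage: python tls_probe.py <device-ip>
        for name, accepted in probe(sys.argv[1]).items():
            print(f"{name}: {'ACCEPTED' if accepted else 'not accepted'}")
    else:                   # offline demo on the constructed replies
        print(classify(0x0300, SAMPLE_HELLO_SSL3), classify(0x0303, SAMPLE_ALERT))
```

Because the hello carries no extensions, a "not accepted" for TLS 1.2 from a strict modern server can also mean it refused the hello for other reasons, so compare the result with the vulnerability scanner's own finding.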
