
Multiple vulnerabilities in B/W small multifunction and single-function printers

Dear Customers,

We deeply appreciate your constant patronage to Konica Minolta products.

Multiple security vulnerabilities have been newly identified in the indicated models.

This advisory provides an overview of the issues and the recommended countermeasures.

Please note that, at the time of writing, there have been no confirmed security incidents globally resulting from the exploitation of these vulnerabilities.

Overview of the vulnerabilities

| Ref. ID | Vulnerabilities description | Reference web site |
|---|---|---|
| CVE-2017-9765 | Stack Buffer Overflow Vulnerability | https://www.cve.org/CVERecord?id=CVE-2017-9765 |
| CVE-2024-2169 | Infinite Loop of Messages Between Servers | https://www.cve.org/CVERecord?id=CVE-2024-2169 |
| CVE-2024-51977 | Possibility of information leakage in the printer | https://www.cve.org/CVERecord?id=CVE-2024-51977 |
| CVE-2024-51978 | Possibility of Authentication Bypass | https://www.cve.org/CVERecord?id=CVE-2024-51978 |
| CVE-2024-51979 | Possible Stack Overflow | https://www.cve.org/CVERecord?id=CVE-2024-51979 |
| CVE-2024-51980 | Possibility of a forced TCP connection | https://www.cve.org/CVERecord?id=CVE-2024-51980 |
| CVE-2024-51981 | Possibility of arbitrary HTTP request execution | https://www.cve.org/CVERecord?id=CVE-2024-51981 |
| CVE-2024-51983 | External attacks can cause device to crash | https://www.cve.org/CVERecord?id=CVE-2024-51983 |
| CVE-2024-51984 | Possibility of information leakage in the printer due to pass-back attacks | https://www.cve.org/CVERecord?id=CVE-2024-51984 |

Note: CVE-2024-51978 and CVE-2024-51979 have no impact on bizhub 3080MF/3000MF

Affected Models and the countermeasure firmware

| Product name | Program name | Affected version | Fixed version |
|---|---|---|---|
| bizhub 5020i | Main-Firmware | U2406280431 (Ver R) or earlier | U2412241059 (Ver S) or later |
| bizhub 5020i | Sub-Firmware | 1.13 or earlier | 1.15 or later |
| bizhub 5000i | Main-Firmware | 1.32 or earlier | 1.33 or later |
| bizhub 5000i | Sub-Firmware | 1.13 or earlier | 1.15 or later |
| bizhub 4020i | Main-Firmware | U2406280431 (Ver R) or earlier | U2412241059 (Ver S) or later |
| bizhub 4020i | Sub-Firmware | 1.13 or earlier | 1.15 or later |
| bizhub 4000i | Main-Firmware | 1.28 or earlier | 1.29 or later |
| bizhub 4000i | Sub-Firmware | 1.13 or earlier | 1.15 or later |
| bizhub 3080MF | Controller firmware | N2403271808 or earlier | P2412101158 or later |
| bizhub 3000MF | Controller firmware | M2403271743 or earlier | N2412101132 or later |

Remediations

2.1 Firmware update

The above vulnerabilities are remediated by applying a firmware upgrade to the affected devices. To enable the swiftest remediation for customers, the firmware has been made available for customers to download and apply to affected devices.

2.2 Password updating

As an additional mitigation, we recommend that, if the default administrator password has not yet been changed, it is updated to a complex and unique password immediately after the firmware upgrade. For further information on how to do this, user manuals can be found

Vulnerability Specific Recommendations

| Ref. ID | Mitigations |
|---|---|
| CVE-2017-9765 | Disable WSD feature. |
| CVE-2024-2169 | Disable TFTP. |
| CVE-2024-51977 | Upgrade to the latest firmware. (There is no workaround available.) |
| CVE-2024-51978 | Change the administrator password from the default value. |
| CVE-2024-51979 | Change the administrator password from the default value. |
| CVE-2024-51980 | Disable WSD feature. |
| CVE-2024-51981 | Disable WSD feature. |
| CVE-2024-51983 | Disable WSD feature. |
| CVE-2024-51984 | Disable WSD feature. |

Firmware update procedure

Important Note: Before proceeding, please verify the sub firmware version of your device. If the sub firmware is identified as b.X (for example, b.12), the downloadable firmware update should not be installed. In such cases, please contact your Konica Minolta service representative for further assistance.
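For administrators triaging a fleet, the affected-version table and the sub firmware check above can be applied to inventory data as follows. This is an added example, not Konica Minolta code: the function names, action labels and the `b\.\w+` pattern are hypothetical, and it assumes build IDs such as U2406280431 sort by leading letter and then by their ten digits.

```python
import re

# (model, program) -> (last affected version, first fixed version), from the advisory table.
TABLE = {
    ("bizhub 5020i", "Main-Firmware"): ("U2406280431", "U2412241059"),
    ("bizhub 5020i", "Sub-Firmware"): ("1.13", "1.15"),
    ("bizhub 5000i", "Main-Firmware"): ("1.32", "1.33"),
    ("bizhub 5000i", "Sub-Firmware"): ("1.13", "1.15"),
    ("bizhub 4020i", "Main-Firmware"): ("U2406280431", "U2412241059"),
    ("bizhub 4020i", "Sub-Firmware"): ("1.13", "1.15"),
    ("bizhub 4000i", "Main-Firmware"): ("1.28", "1.29"),
    ("bizhub 4000i", "Sub-Firmware"): ("1.13", "1.15"),
    ("bizhub 3080MF", "Controller firmware"): ("N2403271808", "P2412101158"),
    ("bizhub 3000MF", "Controller firmware"): ("M2403271743", "N2412101132"),
}

def version_key(text):
    """Return a sortable key, or None when the format is not one the table uses."""
    token = text.strip().split("(")[0].strip()   # drop a trailing "(Ver R)" label
    if re.fullmatch(r"\d+(\.\d+)+", token):
        return ("dotted", tuple(int(p) for p in token.split(".")))
    if re.fullmatch(r"[A-Z]\d{10}", token):
        # Assumption: build IDs order by leading letter, then the ten digits.
        return ("build", (token[0], token[1:]))
    return None

def classify(model, program, reported):
    """'affected', 'fixed' or 'unknown' for one firmware component."""
    if (model, program) not in TABLE:
        return "unknown"
    last_bad, first_good = (version_key(v) for v in TABLE[(model, program)])
    key = version_key(reported)
    if key is None or key[0] != last_bad[0]:
        return "unknown"
    if key <= last_bad:
        return "affected"
    return "fixed" if key >= first_good else "unknown"   # e.g. 1.14 is not listed

def triage(model, versions):
    """Map one device's {program: version} report to an action label."""
    sub = versions.get("Sub-Firmware", "").strip()
    if re.fullmatch(r"b\.\w+", sub):
        return "contact-service"   # advisory: do not install the downloadable update
    states = {classify(model, p, v) for p, v in versions.items()}
    if "affected" in states:
        return "update-firmware"
    return "up-to-date" if states == {"fixed"} else "verify-manually"

# Constructed sample report, not a real device.
print(triage("bizhub 4020i", {"Main-Firmware": "U2412241059", "Sub-Firmware": "1.14"}))
```

Versions that fall between the listed "affected" and "fixed" bounds, or that use an unrecognised format, are reported for manual verification rather than guessed.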

General Security Recommendations

To ensure a secure operating posture for your multifunction devices, and to reduce exposure to the vulnerabilities described in this advisory, Konica Minolta strongly recommends applying the following configuration best practices:

Enhancing the Security of Products and Services

Konica Minolta considers the security of its products and services to be an important responsibility and will continue to actively respond to incidents and vulnerabilities.

Contact

Self-Service Portal (Ebiz): Access our user-friendly portal below. Here, you can conveniently sign up or utilise our Guest functionality.

For all account related queries please contact your Account Manager or email enquiries@konicaminolta.co.uk