关于「京瓷 Command Center」因存在XSS漏洞而可能受到网络攻击的对应

技术新闻

关于复印机·打印机管理工具「京瓷 Command Center」
因存在XSS漏洞而可能受到网络攻击的对应

2014-07-16

在本公司的复印机·打印机搭载的管理工具「京瓷 Command Center」(以下用Command Center来表示)中,发现在一部分机型上会出现XSS漏洞而受到网络攻击的情况。

虽然这个漏洞在用户访问Command Center时,会受到第三方攻击,任何脚本有可能在用户的浏览器上被执行,但在访问Command Center时,不连接其他网站,则可能规避该网络攻击。

相关机型

黑白多功能数码复合机
·FS-6030MFP / 6025MFP

彩色多功能数码复合机
·FS- C2126MFP+ / C2126MFP
·FS- C8025MFP / C8020MFP

彩色激光打印机
·FS-C5150DN / C5250DN

咨询方式

修复该漏洞的固件已公布,详情请向购入产品的销售商咨询。



Security Announcement ― Cross-Site Scripting (XSS)
Vulnerability in KYOCERA Command Center on MFPs/Printers

July 16, 2014

Dear Customers,

The vulnerability was found in the KYOCERA Command Center* (hereinafter referred to as Command Center) installed in below MFPs and Printers.

*Note: KYOCERA Command Center refers to the web home page that is installed in the MFP/Printer from which you can verify the operating status of the machine and make settings related to security, network printing, e-mail transmission and advanced networking.

A malicious attacker could cause arbitrary scripting code to be executed on the client-side web browser while the user is accessing the Command Center.

The following products are affected:

B/W MFPs
·ECOSYS FS-6030MFP / 6025MFP

Color MFPs
·ECOSYS FS- C2626MFP / C2526MFP
·ECOSYS FS- C8025MFP / C8020MFP

Color Printers
·ECOSYS FS-C5150DN / C5250DN

Solutions:

The firmware update is available. Please contact your dealer for further information.

Scroll to top
XML 地图 | Sitemap 地图