MX-2614N, MX-3114N (serv.man105). CCE-1317 OPEN SSL VULNERABILITY FIRMWARE RELEASE FOR FIELD SUPPORT VERSION - Sharp Copying Equipment Technical Bulletin (repair manual)

mx-2614n, mx-3114n (serv.man105) technical bulletin
Model
MX-2614N MX-3114N (serv.man105)
Pages
4 Few pages! See other manuals at the bottom of the first or last page.
Size
242.22 KB
Type
PDF
Document
Technical Bulletin
Brand
Device
Copying Equipment / CCE-1317 OPEN SSL VULNERABILITY FIRMWARE RELEASE FOR FIELD SUPPORT VERSION
File
mx-2614n-mx-3114n-sm105.pdf
Date

Read Sharp MX-2614N / MX-3114N (serv.man105) Technical Bulletin online

 
                                            Sharp Electronics (UK) Ltd., Document Systems Support 
 
 
 
 
1/4 
 
Date:  
 
4th June 2014 
Model:   
 
See below 
Ref.:   
 
CCE-1317 
Colour:   
 
White 
Page: 
 
1 of 3 
TECHNICAL BULLETIN 
OPEN SSL VULNERABILITY   
FIRMWARE RELEASE   
FOR FIELD SUPPORT VERSION 
 
1. Model Name: 
MX-2614N/3114N (Except for Russia) 
 
 
MX-2615N/3115N (For USA) 
 
 
MX-FR40U (Data Security Kit for MX-2614N/3114N/2615N/3115N) 
 
 
MX-4140N/4141N/5140N/5141N 
 
 
MX-FR42U (Data Security Kit for MX-4140N/4141N/5140N/5141N) 
 
 
MX-M365N/M465N/M565N 
 
 
MX-FR44U (Data Security Kit for MX-M365N/M465N/M565N) 
 
 
MX-C250/C250E/C250F/C250FE/C300/C300A/C300E/C300F/C300W/C300WE 
 
 
MX-C300P/C300PE/C300PL 
 
2. Description: 
New firmware to resolve the vulnerability of Open SSL on our digital Multifunction printers   
 
 
listed above has been released. 
 
 
Data can properly be protected by taking countermeasures (placing MFP within the firewall   
 
 
etc.) described in [Appendix-1].    For the customer who are unable to do these   
 
 
countermeasures due to circumstances beyond their control, please update the firmware to   
 
 
this version. 
Model Name 
Target Version 
Supported Version 
MX-2614N/3114N (Except for Russia) 
MX-2615N/3115N (For USA) 
0600G200 or later 
0600G2c0 
MX-FR40U 
(Data Security Kit for MX-2614N/3114N/2615N/3115N) 
0600Gd00 or later 
0600Gdc0 
MX-4140N/4141N/5140N/5141N 
All 
0201R2a0 
MX-FR42U 
(Data Security Kit for MX-4140N/4141N/5140N/5141N) 
All 
0200Rda0 
MX-M365N/M465N/M565N 
All 
0200o1d0 
MX-FR44U 
(Data Security Kit for MX-M565N/M465N/M365N) 
All 
0200oca0 
MX-C250/C250E/C250F/C250FE 
MX-C300/C300A/C300E/C300F/C300W/C300WE 
All 
0203E1b0 
MX-C300P/C300PE/C300PL 
All 
0102Y1a0 
 
 
    * Other models of MFP or options than above are not affected. 
 
 
                                              Sharp Electronics (UK) Ltd., Document Systems Support 
 
 
 
2/4   
 
 
Required Operation after Updating the Firmware 
 
    Whether the MFP had already been attacked or not is not clear, since the private key of the MFP or   
 
    admin/user passwords can be stolen without any trace in such a case. To avoid information leak   
 
    using the stolen private key or illegal access using the stolen admin/user passwords, the following   
 
    operations are required: 
 
    1. Change admin and user passwords 
 
        Please enforce users to manage the new passwords properly and not to forget them. 
 
    2. Reissue SSL server certificate (not required for Neo MFP and Neo Printer) 
 
        The MFP SSL server certificate that was used before updating the firmware shall be revoked and   
 
        reissued. 
 
        When SSL certificate was used by default settings: Enter [Security Settings]-[SSL   
 
        Settings]-[Certificate Creation] from System Settings, enter appropriate information and click 
 
       
“Submit”. 
 
        When CA-signed SSL certificate was introduced: Enter [Security Settings]-[SSL Settings]-[Make of 
 
        Certificate Signing Request(CSR)] from System Settings, enter appropriate information and click   
 
       
“Execute”. Then send the created CSR to the CA. The CA signs a new certificate and sends it   
 
        back.    Install the signed certificate from [Security Settings]-[SSL Settings]-[Installation of   
 
        Certificate]. Some major CAs offer free reissue of a certificate. 
 
 
                                    Sharp Electronics (UK) Ltd., Document Systems Support 
 
 
 
3/4 
[Appendix-1] 
 
          1. Summary of Vulnerability 
 
Due to the bug existing to the specific version of OpenSSL which is software module of open-source   
 
encrypted communication, the malicious attacker can illegally read the contents of data in the memory   
 
of the communication partner. 
 
Contents of the memory may include the secret key and the detail of communication on the server,   
 
depending on the timing of reading. 
 
          2. Extent of impact with vulnerability when using our product/service 
 
Following countermeasures will enable the c
ustomer’s information to be properly protected.   
 
Please check the installation status/setting status. 
 
         
■ When connecting from external device to Digital Malfunction Printer;   
 
The information of Admin password of MFP or secret key used for SSL communication may illegally be   
 
read by the attack of the malicious attacker.    However, those information can be protected from the   
 
unauthorized access from outside by placing MFP within the firewall. 
 
 
 
 
 
 
 
 
 
 
         
■When connecting from MFP to the external server; 
 
Please limit the communication only with the reliable server.   
 
As for the access to the external website using Web Browsing Expansion Kit (MX-AM10), even though   
 
the model is applicable to this vulnerability, it is not affected as the used software module is different. 
 
 
 
 
 
 
 
 
 
 
                                              Sharp Electronics (UK) Ltd., Document Systems Support 
 
 
 
4/4   
 
Page of 4
Display

Download Sharp MX-2614N / MX-3114N (serv.man105) Technical Bulletin

Here you can read online and download Sharp MX-2614N / MX-3114N (serv.man105) Technical Bulletin in PDF. MX-2614N / MX-3114N (serv.man105) technical bulletin will guide through the process and help you recover, restore, fix, disassemble and repair Sharp MX-2614N / MX-3114N (serv.man105) Copying Equipment. Information contained in service manuals typically includes schematics / circuit diagrams, wiring diagrams, block diagrams, printed wiring boards, exploded views, parts list, disassembly / assembly, pcb.