Critical Security Vulnerability Information

Spring4Shell - Spring Core RCE and Spring Cloud Function RCE

Home Support Critical Security Vulnerability Information Spring4Shell
 

2nd update – 11 April 2022


This is an update on the recent communication about a critical vulnerability with the highest risk rating affecting certain applications and services that we have provided a few days ago. The threats are remote code execution vulnerabilities Spring4Shell – Spring Core RCE (CVE-2022-22965) and Spring Cloud RCE (CVE- 2022-22963) (please scroll down to previous updates for details).
 
We can confirm that we checked the status of the following software, services and products and confirm they are not affected by the vulnerability.
 
If you don’t find a specific product you have from our offering on these lists, please get in touch with us.
 
For updates regarding the impacts on applications of our partner Ysoft, please check this Ysoft-webpage and scroll down – you will find an updated pdf in the section “Security Bulletin” named  “YSoft SAFEQ SPRING4SHELL VULNERABILITY”.
 

Applications

 

Cloud and Mobile Printing

  • EveryonePrint Hybrid Cloud Platform (HCP)
  • EveryonePrint (Mobile Print)
  • KM Mobile Print 

Colour Management

  • ColorCentro

Device Management

  • Fleet RMM
  • Remote Deployment Tool (RDT)
  • CS Remote Care (CSRC)
  • Net Care Device Manager (NCDM)
  • Remote Service Platform (RSP)

Document Capture & Management

  • Dispatcher Phoenix
  • Document Navigator 
  • dokoni FIND

Information Management

  • M-Files
  • dokoni FIND

Platform Technologies

  • Workplace Pure
  • Konica Minolta MarketPlace

Security

  • bEST Guard
  • Shield Guard

Variable Data publishing

  • PlanetPress
  • OL Connect (version 2018.1 or later)
    • PrintShop Mail Connect (version 2018.1 or later)
    • PlanetPress Connect (version 2018 or later)
    • PReS Connect (version 2018 or later)


Office Printing

Office Printing A3 BK

  • bizhub 423/363/283/223 
  • bizhub 652/552/602/502 
  • bizhub 754/654/754e/654e 
  • bizhub 554/454/364/284/224/554e/454e/364e/284e/224e 
  • bizhub 958/808/758, bizhub PRO 958 
  • bizhub 558/458/368/308 
  • bizhub 658e/558e/458e/368e/308e 
  • bizhub 367/287/227 
  • bizhub 750i 
  • bizhub 650i/550i/450i/360i/300i 
  • bizhub 306i/266i/246i/226i 
  • bizhub 246/226/206 
  • bizhub 225i/205i 
  • bizhub 185e/165e 
  • bizhub 185en/165en 
  • bizhub 306/266 

Office Printing A3 Color

  • bizhub C360/C280/C220 
  • bizhub C652/C652DS/C552/C552DS/C452 
  • bizhub C754/C654/C754e/C654e 
  • bizhub C554/C454/C364/C284/C224/ C554e/C454e/C364e/C284e/C224e 
  • bizhub C281/C221/C221s 
  • bizhub C658/C558/C458 
  • bizhub C368/C308/C258 
  • bizhub C287/C227 
  • bizhub C759/C659 
  • bizhub C286/C226 
  • bizhub C360i/C300i/C250i 
  • bizhub C650i/C550i/C450i 
  • bizhub C750i 
  • bizhub C287i/C257i/C227i/C266i/C256i/C226i 

Office Printing A4 BK

  • bizhub 4750/4050 
  • bizhub 4752/4052 
  • bizhub 4750i/4050i 
  • bizhub 4700i 
  • bizhub 5020i 
  • bizhub 4020i 
  • bizhub 5000i 
  • bizhub 4000i 
  • pagepro 1550DN 
  • pagepro 1590MF/1580MF 
  • bizhub 16/15 
  • bizhub 3080MF/3000MF 
  • pagepro 1500W / bizhub 12P 
  • bizhub 2600P 
  • bizhub 20 
  • bizhub 20P 

Office Printing A4 Color

  • bizhub C3350/C3850/C3850FS 
  • bizhub C3100P 
  • bizhub C3110 
  • bizhub C3351/C3851/C3851FS 
  • bizhub C4050i/C3350i 
  • bizhub C4000i/C3300i 
  • bizhub C3320i 


Professional Printing

Industrial Printing

  • bizhub PRESS C71cf with IC-602 (KM) 
  • AccurioLabel 190 with IC-602 (KM)
  • AccurioLabel 230 with IC-605 (KM)

Production Printing CMYK

  • bizhub PRESS C1100/C1085 with IC-602 (KM)
  • AccurioPress C6100/C6085 with IC-604 (KM)
  • AccurioPress C14000/C12000 with IC-610 (KM)
  • bizhub PRESS C1070/C1060 with IC-602 (KM)
  • AccurioPress C2070(P)/C2060 with IC-603(KM)
  • AccurioPress C3080(P)/C3070(P) with IC-605 (KM)
  • AccurioPrint C4065 with IC-607 (KM)
  • AccurioPress C4080/C4070 with IC-609 (KM)
  • AccurioPress C7100/C7090 with IC-609 (KM)
  • bizhub PRESS C8000/C7000/C70hc with IC-601 (KM)

Production Printing Monochrome

  • bizhub PRO 1100
  • AccurioPress 6136/P/6120
  • bizhub PRESS 2250P
  • bizhub PRESS 1250/1250P/1052/ bizhub PRO 951
  • bizhub PRO1200/1051
  • bizhub PRO 950
  • bizhub PRO 1050/bizhub PRO 1050e
  • bizhub PRO 920
  • AccurioPrint 2100


1st update – 6 April 202


Langenhagen, Germany, 06. April 2022 


Konica Minolta has been made aware of two critical vulnerabilities with the highest risk rating affecting certain applications and services.  

The threats are remote code execution vulnerabilities Spring4Shell – Spring Core RCE (CVE-2022-22965) and Spring Cloud Function RCE (CVE- 2022-22963)

CVE-2022-22965 (Spring4Shell) is found in the Spring Core Framework and was observed and confirmed at the end of March of 2022. Spring Framework is an open-source application framework, used for the development of Java-based applications, essentially aiming to help developers build applications more quickly.  If exploited, this vulnerability can enable remote code execution (RCE) attacks, but it appears to be largely at the proof-of-concept stage right now for specific Spring Framework implementations. 

CVE-2022-22963 (Spring Cloud Function RCE) was also observed and confirmed at the end of March 2022 and is affecting the Spring Cloud Function version 3.1.6, 3.2.2 and older unsupported versions. When using routing functionality, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources

Since this is still an early stage for both vulnerabilities, we do not yet have a list of affected applications/offerings from Konica Minolta for you. We are currently evaluating which versions of which offered applications are affected and if so, how to remedy the vulnerability. 

For Konica Minolta, the security of our devices, applications, and services is of the highest concern. We are working on resolving the topic with the highest priority and speed and will provide regular updates.