Ripple 20 vulnerability

 

Langenhagen, Germany, 21 July 2020

Precautionary information: JSOF has identified a potential vulnerability (“Ripple20”) in TCP/IP stacks by the Treck Inc, affecting millions of devices around the globe from a wide range of manufacturers. An immediately launched investigation by Konica Minolta has identified 2 office printing devices containing Treck’s TCP/IP stack - bizhub 5020i/4020i/5000i/4000i and bizhub 3080MF/3000MF/2600P.

Some Industrial Printing presses are currently still under investigation. Hence, the majority of Konica Minolta’s devices are not affected by this vulnerability. Exploiting this vulnerability could grant unauthorised external access to the devices. Konica Minolta recommends the following measures to mitigate the potential vulnerability:
 

  • Minimize network exposure for affected devices by disabling not needed protocols and ensure that devices are not accessible from the Internet, unless absolutely essential
  • Secure the network environment in which the device is located with a firewall and use of the IP filter function to restrict access 
 

Please find more information on the devices affected here: Security Advice