Canon, Fuji Xerox, DocuWare Say Products Not Affected by Heartbleed

heartbleedCanon Inc., and Fuji Xerox, both of Japan, report that they are continuing to evaluate their MFPs and printers to determine if they are vulnerable to the “Heartbleed” OpenSSL security vulnerability. So far neither firm reports that it has been affected.

Canon reports: “We have been evaluating Canon products equipped with network connectivity as well as websites directly operated by Canon. At this time, however, we have not found any that are affected by this vulnerability. We will work to further strengthen security measures to ensure that customers can continue using Canon products and websites with peace of mind.”

Fuji Xerox reports that the vulnerable OpenSSL versions in question (OpenSSL1.0.1 to 1.0.1f, OpenSSL1.0.2-beta to 1.0.2-beta1) are not used in the Fuji Xerox products listed here, and that customers are safe to operate their equipment as usual.

DocuWare also says its products aren’t affected by Hearbleed, because DocuWare doesn’t use OpenSSL to perform SSL encryption. With DocuWare, a default installation of IIS is responsible for the encryption of HTTP traffic. The IIS is not affected by the vulnerability.

Caution is advised when you are encrypting HTTP traffic on a specific proxy. This can be the case if you are using DocuWare behind an Apache HTTP server, Nginx or Squid. If you are using open source products or third-party products, please check whether they are affected by the Heartbleed bug.

Heartbleed refers to a vulnerability in the popular OpenSSL cryptographic software library (Version 1.0.1 to 1.0.1f). Essentially with this vulnerability, encrypted data sent over the Internet can be accessed, stolen, and exploited.

More Resources

%d bloggers like this: