Update: Notice on potential impact of Apache Log4j vulnerability towards Ricoh products and services

25 Jan 2022

Last updated: January 25, 2021
First published: December 15, 2021

 

Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.

Ricoh is aware of the reported Apache Log4j remote code execution vulnerability (CVE-2021-44228). Apache Log4j is an open-source logging JAVA-based library offered by Apache Software Foundation. Ricoh is currently investigating if any Ricoh products and services may be potentially impacted by this vulnerability.

Servers operating with Apache Log4j are potentially threatened, allowing a third party to remotely access the server and execute remote code by sending modified data to exploit this vulnerability. 

Ricoh confirmed the following products and services that it develops, manufactures, and offers are not impacted by this vulnerability. Ricoh products and services not listed are under ongoing investigation.

Office Products Multifunction Printers/Copiers Black & White MFP
Color MFP
Wide Format MFP
Printers Black & White Laser printers
Color Laser Printers
GelJet Printers
Handy Printers
Printer based MFP
Digital Duplicators
FAX
Interactive Whiteboards
Projectors
Video Conferencing
Remote Communication Gates Remote Communication Gate A2
Remote Communication Gate A
Remote Communication Gate Type N/L/BN1/BM1
Software & Solutions @Remote Connector NX
Card Authentication Package Series
Device Manager NX Accounting
Device Manager NX Enterprise
Device Manager NX Lite
Device Manager NX Pro
DocuWare
Enhanced Locked Print Series
ESA TransFormer Server v4.x
EZ Charger Suite Serverless
EZ Charger Suite Server
GlobalScan NX
Printer Driver Packager NX
RICOH Smart Integration (RSI) Platform and its applications
RICOH Print Management Cloud
RICOH Streamline NX V2
RICOH Streamline NX V3
Commercial & Industrial Printing
Cutsheet Printers
Garment Printers
Wide Format Printers
Software & Apps
RICOH InfoPrint® Font Collection
RICOH InfoPrint® PPFA
RICOH InfoPrint® WorkFlow
RICOH Web Enablement Solutions Suite

About Ricoh products and services that have been confirmed to be affected by this vulnerability.

The following products have been confirmed to be affected by this vulnerability.

Continuous feed printers RICOH ProVC40000 Fixed release can be provided for these products. Please contact your sales representative.
RICOH ProVC60000
RICOH ProVC70000
Software & Apps RICOH InfoPrint Manager
RICOH ProcessDirector
RICOH Supervisor
RICOH TotalFlow BatchBuilder
RICOH TotalFlow Prep
RICOH TotalFlow Production Manager

For products and solutions from vendors other than Ricoh, we recommend customers to confirm latest information directly with relevant vendors.

Ricoh is committed to supporting customers across the globe, enabling them to operate Ricoh products equipped with the latest security settings. Additional updates on impacted Ricoh products and services and related countermeasures will be provided promptly on this page as they become available.