Update: Notice on potential impact of Apache Log4j vulnerability towards Ricoh products and services
Last updated: February 17, 2022
First published: December 15, 2021
Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.
Ricoh is aware of the reported Apache Log4j remote code execution vulnerability (CVE-2021-44228). Apache Log4j is an open-source logging JAVA-based library offered by Apache Software Foundation.
Servers operating with Apache Log4j are potentially threatened, allowing a third party to remotely access the server and execute remote code by sending modified data to exploit this vulnerability. https://logging.apache.org/log4j/2.x/security.html
Upon thorough investigations, Ricoh confirmed the following products and services that it develops, manufactures, and offers are not impacted by this vulnerability, as List 1. For affected products and services, including those affected by related vulnerabilities such as CVE-2021-45046, CVE-2021-45105, CVE-2021-4104, and CVE-2021-44832, Ricoh offers measures detailed below in List 2.
List 1: Ricoh products and services not affected by this vulnerability
| Office Products | Multifunction Printers/Copiers | Black & White MFP |
| Color MFP | ||
| Wide Format MFP | ||
| Printers | Black & White Laser Printers | |
| Color Laser Printers | ||
| GelJet Printers | ||
| Handy Printers | ||
| Printer based MFP | ||
| Digital Duplicators | ||
| FAX | ||
| Interactive Whiteboards | ||
| Projectors | ||
| Video Conferencing | ||
| Remote Communication Gates | Remote Communication Gate A2 | |
| Remote Communication Gate A | ||
| Remote Communication Gate Type N/L/BN1/BM1 | ||
| Software & Solutions | @Remote Connector NX | |
| Card Authentication Package Series | ||
| Device Manager NX Accounting | ||
| Device Manager NX Enterprise | ||
| Device Manager NX Lite | ||
| Device Manager NX Pro | ||
| DocuWare | ||
| Enhanced Locked Print Series | ||
| ESA TransFormer Server v4.x | ||
| EZ Charger Suite Serverless | ||
| EZ Charger Suite Server | ||
| GlobalScan NX | ||
| Printer Driver Packager NX | ||
| RICOH Smart Integration (RSI) Platform and its applications | ||
| RICOH Print Management Cloud | ||
| RICOH Streamline NX V2 | ||
| RICOH Streamline NX V3 | ||
| Commercial & Industrial Printing | ||
| Cutsheet Printers | ||
| Garment Printers | ||
| Wide Format Printers | ||
| Software & Apps | ||
| RICOH InfoPrint® Font Collection | ||
| RICOH InfoPrint® PPFA | ||
| RICOH InfoPrint® WorkFlow | ||
| RICOH Web Enablement Solutions Suite | ||
List 2: Ricoh products and services affected by this vulnerability
| Continuous feed printers | RICOH ProVC40000 | Fixed release can be provided for these products. Please contact your sales representative. | |
| RICOH ProVC60000 | |||
| RICOH ProVC70000 | |||
| Software & Apps | RICOH InfoPrint Manager | ||
| RICOH ProcessDirector | |||
| RICOH Supervisor | |||
| RICOH TotalFlow BatchBuilder | |||
| RICOH TotalFlow Prep | |||
| RICOH TotalFlow Production Manager | |||
Media Management Tool Media Management Tool-E | Updated program has been released for these products.Please download the latest firmware from the regional driver download site. | ||
For products and solutions from vendors other than Ricoh, we recommend customers to confirm latest information directly with relevant vendors.
Ricoh is committed to supporting customers across the globe, enabling them to operate Ricoh products equipped with the latest security settings. Please note that this page will be updated if there is a change in the status.
News
Keep up to date
- 17Apr
Ricoh-Toshiba Tec Joint Venture: Frequently Asked Questions
- 05Apr
Ricoh awarded tenth EcoVadis Gold Rating for sustainability performance
- 27Mar
Ricoh positioned by Gartner® in its 2024 Magic Quadrant™ for Outsourced Digital Workplace Services for fourth consecutive year
- 18Mar
Ricoh wins iF DESIGN AWARD 2024 for three digital products