PDA

View Full Version : bizhub C3300i and C3350i hacking issue


Custom Search


copyman
05-13-2022, 02:11 PM
Has anyone seen this about hacking hundreds of thousands Kon/Min MFP's. At first I thought it was limited to just the C3300i & C3350i but after reading the rest of article it seems many models are affected?

Hundreds of Thousands of Konica Printers Vulnerable to Hacking via ​​Physical Access | SecurityWeek.Com (https://www.securityweek.com/konica-minolta-printers-vulnerable-hacking-physical-access)

Woxner
05-13-2022, 06:33 PM
First i have heard of this. I am KM and they have said nothing

tsbservice
05-13-2022, 06:53 PM
2019 is i series early days they fixed a lot of vulnerabilities after that through firmware updates.
I think this article may be biased a bit.

mojorolla
05-13-2022, 08:49 PM
2019 is i series early days they fixed a lot of vulnerabilities after that through firmware updates.
I think this article may be biased a bit.
Damn, this is pretty much the past 10 years of their products. I can only image some of these older models still being un-patched.....



​Model name
Affected FW version
CVE-ID


bizhub 227, 287, 367, 308, 368, 458, 558, 758, 808, 958, PRO958, 308e, 368e, 458e, 558e, 658e, 4752, 4052, C227, C287, C258, C308, C368, C458, C558, C658, C659, C759, C3351, C3851, C3851FS
G00-U8 or later
CVE-2022-29586 CVE-2022-29587


bizhub C450i, C550i, C650i
G00-73 or later
CVE-2022-29586 CVE-2022-29587


bizhub C250i, C300i, C360i, C4050i, C3350i, C4000i, C3300i
G00-73 or later
CVE-2022-29586 CVE-2022-29587


bizhub C250i, C300i, C360i, C4050i, C3350i, C4000i, C3300i
Gxx-4A or prior
CVE-2022-29586 CVE-2022-29587 CVE-2022-29588


bizhub 306i, 226i, 246i, 266i, C3320i
Gxx-4A or prior
CVE-2022-29588 CVE-2022-29587 CVE-2022-29586





:)

femaster
05-13-2022, 09:18 PM
Konica just sent out an email with regards to 2 updated bulletins within the last 5 minutes that discuss this. I'll attach below. Covers nearly all the 7, 8 9, and i models it would seem. Probably covers older models as well, but how likely is it they will provide updates for the older stuff...

53299
53300

REGSIS
05-13-2022, 09:37 PM
Has anyone seen this about hacking hundreds of thousands Kon/Min MFP's. At first I thought it was limited to just the C3300i & C3350i but after reading the rest of article it seems many models are affected?

Hundreds of Thousands of Konica Printers Vulnerable to Hacking via ​​Physical Access | SecurityWeek.Com (https://www.securityweek.com/konica-minolta-printers-vulnerable-hacking-physical-access)

What are the chances that someone comes to your site (bring a keyboard) hack your MFP and nobody notice anything.

emujo2
05-13-2022, 10:11 PM
Many machines have external keyboards connected..User that need to rename docs usually prefer this over the electronic keyboard.

copyman
05-14-2022, 03:52 AM
Konica just sent out an email with regards to 2 updated bulletins within the last 5 minutes that discuss this. I'll attach below. Covers nearly all the 7, 8 9, and i models it would seem. Probably covers older models as well, but how likely is it they will provide updates for the older stuff...

53299
53300

Funny how K/M says nothing about this until it's made public. Like I've posted here before the Jap's will not admit to a problem until they have a solution.

I still have customers demanding the HDD from old machine when they upgrade. I tell them I will format the HDD in front of them and a few still want me to remove and hand them the HDD. This paranoia is from years ago when there was a few TV news shows saying that companies info is stored on copiers HDD.

techsxge
11-08-2022, 10:16 AM
2019 is i series early days they fixed a lot of vulnerabilities after that through firmware updates.
I think this article may be biased a bit.
i can asure you that these posts are not biased. Maybe you're right with the firmware but there are still a lot of vulnerabilities that do not even require physical access... KM still denies those issues though.

Custom Search