Ricoh has identified a vulnerability in JavaTM Platform that causes outdated TLS versions (TLS 1.0 and TLS 1.1) to be enabled automatically when a firmware update is performed.
When communicating with a Java application, a connection may therefore be made using TLS 1.0 or TLS 1.1, both of which are vulnerable versions.
| Products or Services | Components | Versions |
|---|---|---|
| SP C342DN (Model with JavaVM card option only) | Firmware | JavaTM Platform 12.89 or earlier |
How to check the firmware version:
1. Access Web Image Monitor from your browser.
https://"IP address" or "hostname" of the device.
2. Log in with Administrator privileges.
3. Navigate to Device Management > Configuration > Extended Feature Settings > Extended Feature Info > JavaTM Platform
There are two steps that need to be followed to fully address the vulnerability:
Step 1:
Please visit the following link and open the "Firmware" tab to download the RICOH Firmware Update Tool (JavaTM Platform) and update the firmware to the latest version: http://support.ricoh.com/bb/html/dr_ut_e/rc3/model/spc340dn/spc340dn.htm
Note: Please be careful not to download "RICOH Firmware Update Tool for SP C340DN/C342DN," and be sure to use the "RICOH Firmware Update Tool (JavaTM Platform)".
After updating to the latest firmware, TLS 1.0 and TLS 1.1 will no longer be enabled automatically. However, this is only effective for future updates, and due to technical reasons the issue may still occur after the update performed in Step 1. Therefore, be sure to complete Step 2 as well.
Step 2:
Follow the steps below to manually disable TLS 1.0 and TLS 1.1:
1. Access Web Image Monitor from your browser.
https://"IP address" or "hostname" of the device.
2. Log in with Administrator privileges.
3. Navigate to Device Management > Configuration > Extended Feature Settings > Administrator Tools > Select Available Functions.
4. Set TLS1.0(SSL Server) and TLS1.1(SSL Server) to [Inactive].
5. Click the [Apply] button.
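To confirm the result of Step 2 from the network, the following added example (not part of Ricoh's advisory) attempts one handshake per TLS version against the device and checks that TLS 1.0 and TLS 1.1 are refused while TLS 1.2 still connects. The names `probe`, `verdict` and `check` and the default port 443 are assumptions; pass the port of the service you want to check.

```python
import socket
import ssl
import warnings

VERSIONS = {"TLS 1.0": ssl.TLSVersion.TLSv1,
            "TLS 1.1": ssl.TLSVersion.TLSv1_1,
            "TLS 1.2": ssl.TLSVersion.TLSv1_2}  # 1.2 is the positive control
LEGACY = ("TLS 1.0", "TLS 1.1")


def probe(host, port, version, timeout=5.0):
    """Attempt one handshake pinned to a single TLS version; return a status."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # protocol support is tested here, not trust
    ctx.verify_mode = ssl.CERT_NONE  # (device certificates are often self-signed)
    try:
        ctx.set_ciphers("ALL:@SECLEVEL=0")  # let the client offer legacy TLS
        with warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx.minimum_version = ctx.maximum_version = version
    except (ssl.SSLError, ValueError):
        return "unsupported"         # local OpenSSL build cannot offer this version
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "accepted"
        except ssl.SSLError as exc:
            local = exc.reason == "NO_PROTOCOLS_AVAILABLE"  # client-side refusal
            return "unsupported" if local else "refused"
        except OSError:
            return "refused"         # reset or timeout during the handshake


def verdict(results):
    """Judge Step 2 from a {version name: status} mapping."""
    if any(results[v] == "accepted" for v in LEGACY):
        return "FAIL"          # TLS 1.0 or TLS 1.1 is still enabled
    if results["TLS 1.2"] != "accepted" or any(results[v] != "refused" for v in LEGACY):
        return "INCONCLUSIVE"  # no working control, so refusals prove nothing
    return "PASS"


def check(host, port=443):
    """Probe every version in VERSIONS; port 443 is an assumption."""
    results = {name: probe(host, port, v) for name, v in VERSIONS.items()}
    return results, verdict(results)
```

Call `check("<device IP or hostname>")` from a host that can reach the device. An `INCONCLUSIVE` verdict means the device was unreachable, TLS 1.2 did not connect, or the local OpenSSL build could not offer the legacy versions, so the check should be repeated from another client.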
Please contact your local Ricoh representative or dealer if you have any queries.
The distribution URL of this page:
https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000233-2024-000010
Please note that any copy or paraphrase of the text of this document that differs in content from the distribution URL link, or omits the URL, is an uncontrolled copy and may lack important information or contain factual errors.