Information Critical Security Vulnerability - Log4J
Langenhagen, Germany, 13 December 2021

Konica Minolta has been made aware of a critical vulnerability with the highest risk rating affecting certain applications and services.

The threat is a remote code execution vulnerability (CVE-2021-4428) affecting all service providers using the Java library Log4J (all versions older than version 2.15.0). If exploited, this vulnerability allows remote code execution on vulnerable servers, giving an attacker the ability to import malware that allows them to take control of targeted systems.

Since this is still an early stage, we do not yet have a list of affected applications/offerings from Konica Minolta for you. We are currently evaluating which versions of which offered applications are affected and, if so, how to remedy the vulnerability.

Regarding our internal systems, we proactively disconnected all 590 internet-facing systems from the internet on Sunday at 2 pm CET to protect customer data and services. After a thorough investigation, we were able to patch and verify most of the systems, which were reconnected to the internet on Sunday at 11 pm CET. The remaining systems will be reconnected to the internet once we have ensured that they are not vulnerable.

For Konica Minolta, the security of our devices, applications and services is of the highest concern. We are working on resolving the topic with the highest priority and speed and will provide regular updates.