Recently, a security vulnerability in an open-source library called Log4J2 was made public on December 9, 2021. The Log4J2 library is a logging framework widely deployed within many Java-based applications. If the vulnerability is exploited, malicious intruders can pass and execute malware into the framework that could potentially allow them to access sensitive date and take control of targeted systems. Sharp has been working to assess the risk of the Log4J2 security vulnerability and how it affects Sharp document systems, professional and commercial display products and related applications, and services.
Recently, a security vulnerability in an open-source library called Log4J2 was made public on December 9, 2021. The Log4J2 library is a logging framework widely deployed within many Java-based applications. If the vulnerability is exploited, malicious intruders can pass and execute malware into the framework that could potentially allow them to access sensitive date and take control of targeted systems (see National Vulnerability Database: CVE-2021-44228).
Sharp has been working to assess the risk of the Log4J2 security vulnerability and how it affects Sharp document systems, professional and commercial display products and related applications, and services.
As of this date, the investigation has determined the following. Sharp products and services not listed below are under ongoing investigation.
Sharp Document Systems
|
Product
|
Log4J2 Vulnerability Impact
|
|
Sharp (A3 and A4) MFPs and Printer Firmware
|
None
|
|
Fiery Print Controller
|
None (EFI Announcement)
|
|
Print Drivers and Tools
|
None
|
|
Cloud / Email Connectors
|
None
|
|
Sharp OSA-SDK
|
None
|
|
Sharpdesk Mobile / Print Service Plug-in
|
None
|
|
Sharpdesk Network Scanner Tool
|
None
|
|
Synappx Go
|
None
|
|
Synappx Meeting
|
None
|
|
MICAS
|
None
|
|
AIP Core
|
None
|
|
Kayleigh Job Accounting
|
None
|
|
Application Portal
|
None
|
|
Sharp Remote Device Manager (SRDM)
|
SRDM versions below 2.13.0.15640 are Impacted. Older versions should be updated to this latest version. SRDM version 2.13.0.15640 can be downloaded from https://business.sharpusa.com/Software/SRDM
|
Sharp Professional and Commercial Displays
|
Product
|
Log4J2 Vulnerability Impact
|
|
SHARP Professional & Commercial Displays, AQUOS BOARD® Interactive Display Systems, and Windows Collaboration Display
|
None
|
|
SHARP Wireless Board (PN-ZB03W)
|
None
|
|
SHARP Pen Software
|
None
|
|
SHARP Information Display Downloader
|
None
|
|
SHARP Display Connect
|
None
|
|
SHARP Touch Viewer
|
None
|
|
SHARP Content Distributor
|
None
|
|
SHARP Digital Signage Software (SDSS)
|
None
|
|
DirectDrawing
|
None
|
|
Touch Pen Utility
|
None
|
|
Touch Panel Settings Tool
|
None
|
|
Touch Pen Management Tool
|
None
|
|
Display Management Tool
|
None
|
|
Display Installation Tool
|
None
|
Additional updates on impacted Sharp products and services and related countermeasures will be provided on this page as they become available.
The best way to protect against security threats is to be proactive. As a leader in document systems security, Sharp takes security very seriously by helping its clients stay ahead of malicious intruders and protect their data with robust security features included in its printers and copiers, including firmware attack prevention and recovery, confidential printing, user authentication and an end-of-lease data erase feature. Additionally, Sharp’s intelligent network interface provides security control features designed to prevent threats and document improper device access.
Sharp provides an MFP security checklist to help businesses ensure they are taking all the necessary steps. Download the checklist here or visit SharpUSA.com/Security for more information.