WorkCentre 7525/7530/7535/7545/7556 Security Information
Xerox Security Mini Bulletin XRX16P_V1.1 (PDF 112.9K)
June 30, 2016
Includes fix for:
CVE-2015-2808 Bar Mitzvah
Muptiple CVEs that were associated with Logjam. The following CVEs are fixed in this release.
on WorkCentre 7525/7530/7535/7545/7556
Xerox Security Mini Bulletin XRX16D_V1.0 (PDF 115.4K)
March 03, 2016
Contains fix for Crime vulnerability.
Xerox Security Bulletin XRX16-001 V1.0 (PDF 153.2K)
January 08, 2016
The System Software Version and software patch listed below for the WorkCentre 7535/7556 contain cumulative updates that incorporate security vulnerability fixes up through 05 June 2015 as well as other non-security related defect fixes. This system software release with the software patch are Common Criteria certified.
Supplemental Guide -- Secure Installation and Operation of Your WorkCentre™ 7535/7556 (PDF 508.8K)
December 08, 2015
WorkCentre Removable Hard Drive Brochure (PDF 201.3K)
October 22, 2015
Xerox Security Mini Bulletin XRX15AC_V1.0 (PDF 130.2K)
July 14, 2015
Xerox Security Mini Bulletin XRX15M V1.0 (PDF 174.2K)
April 06, 2015
Hard Drive Retention Offering for Xerox Products in the United States (PDF 264.5K)
February 02, 2015
Supplemental Secure Installation and Operation Guide for the WorkCentre 7535/7556 V1.0 (PDF 4.9M)
October 29, 2014
Xerox Security Bulletin XRX13-008 v1.0 (PDF 82.3K)
October 24, 2013
Software Release to Eliminate Unauthorized Access
Note: This bulletin has been re-issued to correct a typographical error in the URL string for one of the product ZIP files.
The Xerox products ColorQube 9201/9202/9203, WorkCentre 6400, WorkCentre 7525/7530/7535/7545/7556, and WorkCentre 7755/7765/7775 contain code for implementing a remote protocol that could be exploited to gain unauthorized access to the device.
The software release indicated in the bulletin will perform the following action:
Remove the affected code that unintentionally created the unauthorized access potential.
A software release for the products listed has been provided. This release is designed to be installed by the customer. The software release is contained in a zip file and can be accessed via the links in this bulletin announcement or on http://www.xerox.com/information-security/security-bulletins-by-year/enus.html.
Xerox Security Bulletin XRX12-005 V1.1 (PDF 103.3K)
March 25, 2013
The Xerox devices ColorQube® 9201/9202/9203, ColorQube® 9301/9302/9303, WorkCentre® 232/238/245/255/265/275, WorkCentre® 5030/5050, WorkCentre® 5135/5150, WorkCentre® 5632/5638/5645/5655/5665/5675/5687, WorkCentre® 5735/5740/5745/5755/5765/5775/5790, WorkCentre® 6400, WorkCentre® 7525/7530/7535/7545/7556, WorkCentre® 7655/7665/7675, WorkCentre® 7755/7765/7775, WorkCentre® Bookmark 40/55, WorkCentre Pro® 232/238/245/255/265/275 were shipped with certain protocols enabled that, if properly exploited, could be used to gain
unauthorized access to the system. These particular protocols should not have been present in the production configuration and need to be removed from that configuration to minimize the possibility of unauthorized system access.
A software solution (patch P49) is provided for the products listed. This solution will remove from the production configuration the unwanted protocols in question so they can’t be exploited to gain unauthorized access to the system.
This solution is designed to be installed by the customer. The software solution is compressed into a 3 KB zip file and can be accessed via the link below or via the link following this bulletin announcement on http://www.xerox.com/security.
Software available through this link:
(zip archive 2.5K)
Xerox Security Bulletin XRX12-003 v1.1 (PDF 185.5K)
March 07, 2012
NOTE: We are re-issuing this bulletin due to a spelling error of the name of one of the researchers. No technical content in the bulletin has changed.
Vulnerabilities exist that, if exploited, could allow remote attackers to insert arbitrary code into the device. This could occur with a specifically crafted Postscript or firmware job submitted to the device. If successful, an attacker could make unauthorized changes to the system configuration; however, customer and user passwords are not exposed.
As part of Xerox’s on-going efforts to protect customers, the ability to accept these specially crafted jobs can be disabled for the affected products listed in the bulletin. Links for the software needed are contained inside the bulletin.
Xerox Security Bulletin XRX12-001 (PDF 104.2K)
February 29, 2012
System Software Version 061.121.221.28308 for the WorkCentre 7525/7530/7535/7545/7556 models is a cumulative update that incorporates several security vulnerability fixes as well as other non-security related defect fixes. This release is Common Criteria certified see http://www.xerox.com/information-security/common-criteria-certified/enus.html.
This system software release for the products listed is designed to be installed by the customer. Please follow the procedures in the bulletin to install the solution. This system software version is a full system release so the patch criticality rating is not applicable. You may download the software using the link in the Bulletin or from here.
Common Criteria Certification of the WorkCentre 7525/7530/7535/7545/7556
February 29, 2012
Certified to EAL 2
CSEC Certified Product Listing
See product information
Secure Installation and Operation of Your WorkCentre 7525-7530-7535-7545-7556 v1.4 (PDF 314.4K)
December 22, 2011
WorkCentre 7755-7765-7775 7525-7530-7535-7545-7556 ColorQube 9301-9302-9303 Supplementary Guide (PDF 590.9K)
October 24, 2011
cert_WorkCentre_7525-7530-7535-7545-7556_ Information_Assurance_Disclosure_Paper_v1.4 (PDF 7.8M)
March 08, 2011
WorkCentre 7525-7530-7535_7545-7556 Statement Of Volatility (PDF 236.3K)
October 05, 2010