RXOP

Hi,

I use RXOP 3.8.7 to call ricohConfigurator.getDateTimeSettings() to get date/time information but get error null.

The issue occurs in almost devices we have.

Please help.

Thanks.

Best Regards,

Hi,

When use RXOP to set Service Program on SP C842DN, SP 8400 DN devices.

These Service Program cannot to be set:

• ServiceProgram.ACCESS_CONTROL__SDK_CERTIFICATION_DEVICE
• ServiceProgram.USER_AUTHENTICATION__PRINTER
• ServiceProgram.ADMINISTRATOR_AUTHENTICATION_MANAGEMENT__USER_ADMINISTRATOR_AUTHENTICATION_SETTING
• ServiceProgram.USER_AUTHENTICATION_MANAGEMENT
• ServiceProgram.PRINTER_JOB_AUTHENTICATION_LEVEL
• ServiceProgram.TRACK_PERMISSION
• ServiceProgram.STOP_PRINT_SETTING
• ServiceProgram.MACHINE_ACTION_WHEN_LIMIT_REACHED
• ServiceProgram.DEFAULT_USER_PERMISSION

We wonder whether these Service Program is supported or not. How can us know what Service Program is not supported? By return code or else?

Please advise.

Thank you very much.

Hi Ricoh Support,

Currently, our customers report for this vulnerability related to log4j 1.x: 

 https://nvd.nist.gov/vuln/detail/CVE-2019-17571 

RXOP version before 3.8.6 is using log4j 1.x.

Could you please confirm whether or not RXOP is using SocketServer from log4j 1.x?

Thank you,

Hello,

I am getting asked by management, who I think is getting asked by various customers, what is Ricoh's official response to the Log4j security vulnerability recently found?

From what I can tell, Log4j is required to be distributed with our deployment solution because we use the RXOP library.

Does Ricoh have any timeframe when Log4j will be updated to a fix that doesn't include this vulnerability?

Also, for customer's who are currently stuck on an older Log4j version because of RXOP, what is Ricoh's official statement to customers? The customer asks us for an answer and it would be good for us if we can answer in the same manner as Ricoh since it is distributed with RXOP.

I checked here first:

https://www.ricoh.com/info/2021/1215_1/

I didn't see anything here mentioning the RXOP or similar.

Regards
Bryan

[Created from Request document that explain details about User and Administrator settings | Ricoh Developer Program (RiDP) (ricoh-ridp.com)]

Hi,

Thank you for your support.

When I add these Service Program to get, set sp mode on IM 600 device:

SP_LIST_SOP.add(ServiceProgram.OPTIONAL_COUNTER_TYPE__DEFAULT_OPTIONAL_COUNTER_TYPE);
        SP_LIST_SOP.add(ServiceProgram.OPTIONAL_COUNTER_TYPE__EXTERNAL_OPTIONAL_COUNTER_TYPE);

such as: 

List<SPValue> spData = spManager.getSPData(this.acl, SP_LIST_SOP)

I received this error:

Unexpected HTTP status: 403, detail :ResponseEntityProxy{[Content-Type: text/html;charset=ISO-8859-1,Content-Length: 1445,Chunked: false]}

I think current acl have not right to get above these Service program setting. If so, please give new acl.

Thanks.

Best Regards,

Hi,

I use the information from this incident

https://ricoh-ridp.com/ridp/support-system/incident/ricoh-sdc-canada/1636039344/1396866899/4293

to register new usb card reader by RXOP.

Please help to review this snippet:

PID = 21544;

VID = 1899;

CardReaderSetting cardReaderSettings = ricohConfigurator.getCardReaderSetting();
cardReaderSettings.setREADER_USED("USB");
USBCardReaderSetting usbCardReaderSettings = cardReaderSettings.getUsbSetting();
usbCardReaderSettings.setUSB_PRODUCT_ID(PID);
usbCardReaderSettings.setUSB_VENDOR_ID(VID);
usbCardReaderSettings.setUSB_READER_NAME("USB Card Reader");
usbCardReaderSettings.setUSB_CLASS("KSR");
usbCardReaderSettings.setUSB_PLUGIN("jp.co.ricoh.advop.cisplugin.keystroke");
usbCardReaderSettings.setUSB_AUTH(true);

ricohConfigurator.SetCardReaderSetting(cardReaderSettings);

• Is this right?
• These information can apply for all USB card readers (every PID, VID)?
• If not
  • what values can apply for USB_CLASS parameter? please list detail.
  • what values can apply for USB_PLUGIN parameter? please list detail.
• If we would like to delete registered USB card reader, we set all above parameters is null?
• Can register only one USB or many? If many then how?
• Need to reboot device after run ricohConfigurator.SetCardReaderSetting(cardReaderSettings);?

Thank you for your help.

Best Regards,

Hello,

what is the update on log4j library Vulnerability: CVE-2021-4104 Detail as explained in the following link:

https://nvd.nist.gov/vuln/detail/CVE-2021-4104

I did not see any information regarding this vulnerability in the Ricoh webiste Alerts and Security Vulnerabilities Announcements.

Regards

Niranjini

Hi,

In this incident https://ricoh-ridp.com/ridp/support-system/incident/ricoh-sdc-canada/1639507663/605558151/4381

We requested update RXOP because of log4j-core-2.14.1.jar Vulnerability and it moved to FAQ tracking this CVE impact: What is the impact of the Log4j exploit captured as CVE-2021-44228? | Ricoh Developer Program (RiDP) (ricoh-ridp.com)

When you update RXOP library please update this library to the latest as well:

gson-2.3.1.jar - High Severity Vulnerabilities - WS-2021-0419 | WhiteSource Vulnerability Database (whitesourcesoftware.com)

Hi Ricoh Support,

Currently, our customers report for this vulnerability related to log4j 1.x: https://access.redhat.com/security/cve/CVE-2021-4104

RXOP version before 3.8.6 is using log4j 1.x.

Could you please confirm whether or not RXOP is using JMSAppender from log4j 1.x?

Thank you,

Hello,

A flaw in Log4j, a Java library for logging error messages in applications, is the most high-profile security vulnerability on the internet right now and comes with a severity score of 10 out of 10.

Since Ricoh RXOP library is using log4j library and we are in turn using RXOP library for our installation application, wondering how Ricoh is expected to handle this problem or mitigate it.

Regards

Niranjini