Security at Xerox

As a world leader in the development of digital technology, Xerox has demonstrated its commitment to the security of digital devices and the information they process. We are committed to identifying potential vulnerabilities in our products and determined to act to limit the risks.

Xerox practices responsible disclosure and issues Xerox Security Bulletins that describe in detail the remediation of certain known vulnerabilities in its products. PDF versions of the latest bulletins, in English, are listed below. Earlier bulletins and more information about the security of Xerox products are available on the US site, Security @ Xerox.

Xerox Security Bulletins (English only)

Xerox Security Bulletin Summary PDFs: 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004

2010

Xerox Security Bulletin XRX10-003 (PDF, 76KB)
June 18, 2010
System Software Version 021.120.060.00015 for the WorkCentre 5632-5687 Multi-Board controller and WorkCentre 5135/5150 models and System Software Version 025.054.060.00015 for the 5632-5655 Single Board controller models is a cumulative update that incorporates several security vulnerability fixes as well as other non-security related defect fixes. Both releases have been submitted for Common Criteria certification, which is expected to be completed by September 2010.
Download System Software Release for the Multi-Board Controller (MBC) products (zip archive, 106MB)
Download System Software Release for the Single Board Controller (SBC) products (zip archive, 134MB)

Xerox Security Bulletin XRX10-002 (PDF, 102KB)
March 29, 2010
Original Release January 22, 2010
Vulnerabilities exist in the Network Controller and Web Server of the WorkCentre 5632/5638/5645/5655/5665/5675/5687, WorkCentre 5030/5050, WorkCentre 5135/5150, WorkCentre 6400, WorkCentre 7655/7665/7675, WorkCentre 7755/7765/7775, WorkCentre/WorkCentre Pro 232/238/245/255/265/275 and ColorQube 9201/9202/9203 products. If exploited these vulnerabilities could permit an attacker to either bypass Scan to Mailbox authorization to access mailboxes stored on the device or bypass web server authorization to view device configuration settings. Customer and user passwords are not exposed.
Download Software Update for the WorkCentre, WorkCentre Pro and ColorQube products listed above (zip archive, 2.6MB)

Xerox Security Bulletin XRX10-001 (PDF, 59KB)
January 22, 2010
A vulnerability exists in the Network Controller of the WorkCentre 6400. If exploited the vulnerability could potentially permit unauthorized access to the Network Controller directory structure via a carefully constructed PostScript file.
Download Software Update for the WorkCentre 6400 (zip archive, 5.0MB)

2009

Xerox Security Bulletin XRX09-004 (PDF, 84KB)
September 18, 2009
Original Release September 1, 2009
An LPD protocol handling vulnerability exists in the firmware for the WorkCentre 7232/7242, the WorkCentre 7328/7335/7345/7346, and the WorkCentre 7425/7428/7435. If exploited, this vulnerability could cause a denial of service by crashing the device, although power cycling the device will recover from this attack. Customer and user passwords are not exposed.

Xerox Security Bulletin XRX09-003 (PDF, 89KB)
January 22, 2010
Second Release September 29, 2009
Original Release August 28, 2009
A vulnerability exists in the web servers of the WorkCentre 5030/5050, the WorkCentre 5135/5150, the WorkCentre 5632/5638/5645/5655/5665/5675/5687, the WorkCentre 7655/7665/7675, the WorkCentre 6400, and the ColorQube 9201/9202/9203. If exploited when SSL is not enabled on the device, the vulnerability could allow remote attackers to obtain unauthorized access to device configuration settings, possibly exposing customer passwords.
Download Software Update for the WorkCentre and ColorQube products listed above (zip archive, 12KB)
NOTE: The original version of the P39 patch required a manual reboot after installation. This version of the patch automatically performs a re-boot upon installation.

Xerox Security Bulletin XRX09-002 (PDF, 78KB)
May 15, 2009
A command injection vulnerability exists in the web server of the WorkCentre/WorkCentrePro 232/238/245/255/265/275, the WorkCentre 7655/7665/7675, and the WorkCentre 5632/5638/5645/5655/5675/5687. If exploited, the vulnerability could allow remote attackers to execute arbitrary code via carefully crafted inputs on the affected web page. Customer and user passwords are not exposed.
Download Software Update for WorkCentre/WorkCentrePro 232/238/245/255/265/275, WorkCentre 7655/7665/7675, and WorkCentre 5632/5638/5645/5655/5675/5687 (zip archive, 8.3MB)

Xerox Security Bulletin XRX09-001 (PDF, 69KB)
January 30, 2009
A command injection vulnerability exists in the web server of the WorkCentre/WorkCentre Pro 232/238/245/255/265/275 and the WorkCentre 5632/5638/5645/5655/5665/5675/5687. If exploited, the vulnerability could allow remote attackers to execute arbitrary code via carefully crafted inputs on the affected web page. Customer and user passwords are not exposed.
Download Software Update for WorkCentre/WorkCentre Pro 232/238/245/255/265/275 and WorkCentre 5632/5638/5645/5655/5665/5675/5687 (zip archive, 162KB)

2008

Xerox Security Bulletin XRX08-010 (PDF, 122KB)
August 6, 2010
Originally Released September 22, 2008
A Denial of Service vulnerability exists in the Phaser 6100, Phaser 6200, Phaser 7300, Phaser 7750, and Phaser 8400. If exploited, this vulnerability could allow malicious users to cause the device to restart, thus effectively denying service to legitimate users.

Xerox Security Bulletin XRX08-009 (PDF, 104KB)
Update October 16, 2008
Update October 7, 2008
Original Release: September 19, 2008
A vulnerability exists in the ESS/Network Controller that, if exploited, could allow remote attackers to execute arbitrary code via specially crafted Remove Service Message Block (SMB) responses. This could occur with buffer overflows and un-validated user input in the Samba third-party code that handles file and printer sharing services for SMB clients (including Xerox MFD devices). If successful, an attacker could make unauthorized changes to the system configuration; however, customer and user passwords are not exposed. This vulnerability affects only the printer sharing services.
Download Software Update for WorkCentre Pro 232/238/245/255/265/275, WorkCentre 232/238/245/255/265/275, WorkCentre 7655/7665/7675, and WorkCentre 5632/5638/5645/5655/5665/5675/5687 (zip archive, 6.6MB)

Xerox Security Bulletin XRX08-008 (PDF, 39KB)
July 9, 2008
CentreWare Web has been found to be vulnerable to a set of potential SQL Injection and Cross Site Scripting vulnerabilities. If exploited, these vulnerabilities could allow an attacker to make unauthorized changes to CentreWare Web or asset data, or redirect user browsing sessions.

Xerox Security Bulletin XRX08-007 (PDF, 44KB)
June 12, 2008
A persistent cross site scripting vulnerability exists in the web server of the Xerox 4110 Copier/Printer, the Xerox 4590 Copier/Printer, and the Xerox 4595 Copier/Printer. If exploited, this vulnerability could allow code injection by malicious web users into the web pages viewed by other users.
Download Install Instructions (PDF, 845MB)
Download Software Update for Xerox 4110/4590/4595 (zip archive, 28MB)

Xerox Security Bulletin XRX08-006 (PDF, 42KB)
June 12, 2008
A vulnerability exists in the Web Services of the WorkCentre 7655/7665/7675 when attempting to access the Extensible Interface Platform feature under certain conditions. If exploited, this vulnerability could allow an attacker unauthorized access to make changes to the system configuration.
Download Software Update for WorkCentre 7655/7665/7675 (zip archive, 20MB)

Xerox Security Bulletin XRX08-005 (PDF, 1MB)
June 12, 2008
A persistent cross site scripting vulnerability exists in the web server of the WorkCentre M123/M128, WorkCentre 133, WorkCentre Pro 123/128 and WorkCentre Pro 133. If exploited, this vulnerability could allow code injection by malicious web users into the web pages viewed by other users.
Download Software Update. Refer to the XRX08-005 Security Bulletin to determine which file to download.
Group 1 Languages Standard Executable (zip archive, 16MB)
Group 1 Languages with Postscript Executable (zip archive, 21MB)
Group 2 Languages Standard Executable (zip archive, 16MB)
Group 2 Languages with Postscript Executable (zip archive, 21MB)
Group 3 Languages Standard Executable (zip archive, 15MB)
Group 3 Languages with Postscript Executable (zip archive, 21MB)

Xerox Security Bulletin XRX08-004 (PDF, 1MB)
May 22, 2008
A persistent cross site scripting vulnerability exists in the web server of the WorkCentre 7132 and WorkCentre 7228/7235/7245. If exploited, this vulnerability could allow code injection by malicious web users into the web pages viewed by other users.
Download Software Update. Refer to the XRX08-004 Security Bulletin to determine which file to download.
WorkCentre 7132 Standard Executable (zip archive, 22MB)
WorkCentre 7132 Standard Binary (zip archive, 20MB)
WorkCentre 7132 with Postscript Executable (zip archive, 27MB)
WorkCentre 7132 with Postscript Binary (zip archive, 25MB)
WorkCentre 7228/7235/7245 Executable (zip archive, 41MB)
WorkCentre 7228/7235/7245 Binary (zip archive, 39MB)

Xerox Security Bulletin XRX08-003 (PDF, 27KB)
March 28, 2008
As part of Xerox’s on-going efforts to protect customers, a patch is being provided for customers interested in the Common Criteria Certified version, 21.113.02.000, for the WorkCentre 56xx products that adds improved audit logging to meet the requirements of NIAP Policy #15.
Download Software Update for WorkCentre 56xx products (zip archive, 20MB)

Xerox Security Bulletin XRX08-001 (PDF, 44KB)
January 4, 2008
Vulnerabilities exist in the ESS/Network Controller that, if exploited, could allow remote attackers to execute arbitrary code via specially crafted Remote Procedure Call (RPC) requests.
Download Software Update for WorkCentre 232/238/245/255/265/275, WorkCentre Pro 232/238/245/255/265/275, and WorkCentre 7655/7665 (zip archive, 8MB)

2007

Xerox Security Bulletin XRX07-002 (PDF, 42KB)
October 15, 2007
A command injection vulnerability exists in the ESS/ Network Controller and MicroServer Web Server. If exploited, this vulnerability could allow remote execution of arbitrary software.
Download Software Update for WorkCentre 232/238/245/255/265/275, WorkCentre Pro 232/238/245/255/265/275, and WorkCentre 7655/7665 (zip archive, 1.1MB)

Xerox Security Bulletin XRX07-001 (PDF, 39KB)
August 30, 2007 Original Release: June 29, 2007
A command injection vulnerability exists in the ESS/ Network Controller that, if exploited, could allow remote execution of arbitrary software, forgery of digital certificates, or initiation of Denial of Service attacks.
Download Software Update (zip archive, 990KB)

2006

Xerox Security Bulletin XRX06-007 (PDF, 45KB)
October 15, 2007 - Original Release: December 13, 2006
A command injection vulnerability exists in the ESS/ Network Controller and MicroServer Web Server. If exploited this vulnerability could allow remote execution of arbitrary software.
This bulletin has been rescinded and is no longer valid. Download Permanently Unavailable

Xerox Security Bulletin XRX06-006 (PDF, 42KB)
July 26, 2007 Original Release: November 30, 2006
Cumulative update to address multiple security vulnerabilities

Xerox Security Bulletin XRX06-005 (PDF, 144KB)
October 15, 2007 - Original Release: October 3, 2006
Vulnerability in the ESS/ Network Controller and MicroServer Web Server could allow remote execution of arbitrary software.
This bulletin has been superseded by XRX07-002. Download Permanently Unavailable

Xerox Security Bulletin XRX06-004 (PDF, 43KB)
October 4, 2006
Cumulative update to address multiple security vulnerabilities

Xerox Security Bulletin XRX06-003 (PDF, 20 KB)
July 27, 2007 Original Release: June 22, 2006
Cumulative update for Common Criteria Assurance Maintenance. Note: This bulletin has been superseded by XRX06-006.

Xerox Security Bulletin XRX06-002 (PDF, 44 KB)
October 25, 2006
System software versions available to address denial of service and other vulnerabilities in ESS

Xerox Security Bulletin XRX06-001 (PDF, 35KB)
April 24, 2006 Original Release: 02/20/06
Vulnerabilities in the ESS/ Network Controller and MicroServer Web Server could potentially permit unauthorized access. Note: This bulletin has been superseded by XRX06-003.

2005

Xerox Security Bulletin XRX05-009 (PDF, 41KB)
August 10, 2005
Vulnerabilities in the Xerox MicroServer Web Server could potentially permit unauthorized access.
Download Software Update (zip archive, 518 KB)

Xerox Security Bulletin XRX05-008 (PDF, 69KB)
August 10, 2005
Vulnerabilities in the Xerox MicroServer Web Server could potentially permit unauthorized access.
Download Software Update (zip archive, 2759 KB)

Xerox Security Bulletin XRX05-007 (PDF, 101KB)
August 25, 2005
Vulnerabilities in the Xerox MicroServer Web Server could potentially permit unauthorized access.
Download Software Update (zip archive, 1683 KB)

Xerox Security Bulletin XRX05-006 (PDF, 41KB)
August 4, 2005
Vulnerabilities in the Xerox MicroServer Web Server could potentially permit unauthorized access.
Download Software Update (zip archive, 582 KB)

Xerox Security Bulletin XRX05-005 (PDF, 36KB)
April 13, 2005
Vulnerability in the Xerox MicroServer Web Server could potentially permit unauthorized access.
Download Software Update (zip archive, 7.9MB)
Note: This patch applies to launch level software only.

Xerox Security Bulletin XRX05-004 (PDF, 52KB)
June 13, 2005
Vulnerability in the Xerox MicroServer Web Server could cause a denial of service.
Download Software Update (zip archive, 2.2MB)

Xerox Security Bulletin XRX05-003 (PDF, 53KB)
June 13, 2005
Vulnerability in the http server on the ESS/ Network Controller could potentially permit unauthorized access.
Download Software Update (zip archive, 97KB)

Critical Security Update for Xerox DocuColor 6060 XPe System Update Software (1H23O1) Version: 2.2
February 18, 2005
System Updates is a print server service that keeps the system software on your print server up-to-date with the latest Microsoft security updates. Note: The prerequisite for System Updates functionality is to have patches 1-G88R5, and 1-G6ZLT installed on the Fiery.

Critical Security Update for Xerox DocuColor 7000/8000 XPe System Update Software (1H23O1) Version: 1.0
February 18, 2005
System Updates is a print server service that keeps the system software on your print server up-to-date with the latest Microsoft security updates. Note: The prerequisite for System Updates functionality is to have patches 1-G88R5, and 1-G6ZLT installed on the Fiery.

Xerox Security Bulletin XRX05-002 (PDF, 22KB)
January 19, 2005
Vulnerability in the WorkCentre M24 scanning/faxing software could expose personal information.

Xerox Security Bulletin XRX05-001 (PDF, 125KB)
January 14, 2005
Vulnerability in the ESS/ Network Controller could potentially permit unauthorized access.
Download Software Update (zip archive, 8.25MB)

2004

Xerox Security Bulletin XRX04-010 (PDF, 38KB)
December 20, 2004
Vulnerability in the ESS/ Network Controller could potentially permit unauthorized access.
Download Software Update (zip archive, 24MB)

Xerox Security Bulletin XRX04-009 (PDF, 36KB)
April 13, 2004
Vulnerability in the http server on the ESS/ Network Controller could potentially permit unauthorized access.
Download Software Update (PDF, 13KB)

Xerox Security Bulletin XRX04-008 (PDF, 33KB)
May 2, 2005
The information provided here is consistent with the security functional claims made in the Security Target

Xerox Security Bulletin XRX04-007 (PDF, 101KB)
August 31, 2004
Vulnerability in the Xerox MicroServer Web Server could cause a denial of service
Download Software Update (zip archive, 2.1 MB)

Xerox Security Bulletin XRX04-006 (PDF, 103KB)
August 31, 2004
Vulnerability in the ESS/ Network Controller could cause Immediate Image Overwrite to fail in a specific instance with no indication after an unexpected power loss
Download Software Update (zip archive, 613 KB)

Xerox Security Bulletin XRX04-005 (PDF, 65KB)
June 7, 2005
Vulnerability in the ESS/ Network Controller could potentially permit unauthorized access
Download Software Update (zip archive, 8.7 MB)

Xerox Security Bulletin XRX04-004 (PDF, 99KB)
June 24, 2004
Vulnerability in the ESS/ Network Controller could cause a denial of service
Download Software Update (zip archive, 27 MB)

Xerox Security Bulletin XRX04-003 (PDF, 146KB)
April 14, 2004
WorkCentre Multifunction Devices (MFD) PostScript directory traversal patch
Download Software Update (zip archive, 6 MB)

Xerox Security Bulletin XRX04-002 (PDF, 116KB)
March 10, 2004
Xerox MicroServer Web Server Vulnerability
Download Software Update (zip archive, 28 MB)