[Important Notice]
Vulnerability in ScanSnap Manager Installers
Updated:Aug 3rd, 2021
PFU Limited
For the users of ScanSnap Manager V5.x (Models: S1500, S1500M, and S1300), a new installer is now released for ScanSnap Manager V5.6 in which this vulnerability has been fixed.
For the users of ScanSnap Manager V4.x (Models: S300, S510, and S500), a new installer is now released for ScanSnap Manager V4.6 in which this vulnerability has been fixed.
We sincerely apologize for inconvenience we caused you.
Updated:July 5th, 2021
PFU Limited
For the users of ScanSnap Manager V6.x (Models: iX500, S1300i, iX100, S1100, and SV600), a new installer is now released for ScanSnap Manager V7.1 in which this vulnerability has been fixed.
If you are using any version earlier than ScanSnap Manager V6.x, please kindly wait until a fixed installer becomes ready, or install ScanSnap Manager with the workaround written below.
We sincerely apologize for inconvenience this issue may have caused you.
Publication date:May 27th, 2021
PFU Limited
This document is intended to inform ScanSnap users that a vulnerability in ScanSnap Manager installers for Windows has been reported by a security research agency.
1. Software Affected
- ScanSnap Manager Installer prior to version V7.0L20
2. Vulnerability
This vulnerability affects users only during start of installation. Therefore, it does not affect users who have already installed ScanSnap Manager.
If the installer runs on a Windows PC while a malicious third-party DLL exists, operations not intended by the user may be executed.
3. Temporary Workaround
If you want to install a version prior to ScanSnap Manager V7.0L20, or if you want to run an installer that you previously downloaded, you can perform a secure installation by following the procedure below.
[Procedure]
1) Create a new folder in any location.
Example: Create a new folder on the desktop.
C:\Users\username\Desktop\new folder
2) Move the installer to the folder created in step 1).
3) Run the installer to install ScanSnap Manager.
4. Next steps
PFU is going to release new ScanSnap Manager installers with the vulnerability fixed.
The release schedule will be announced in this page.
This vulnerability does not exist in ScanSnap Home, the latest ScanSnap software, or ScanSnap Manager V7.0L20 or later.
We sincerely apologize for inconvenience this issue may have caused you.
5. Related information
JVN#65733194 The installers of ScanSnap Manager may insecurely load Dynamic Link Libraries
Contact
Imaging Support Department, PFU Limited
E-mail: scanners@pfu.fujitsu.com
Thank you for your continued use of our product.