The OpenSSL TLS heartbeat read overrun defect (CVE-2014-0160), termed "Heartbleed", specifically affects the OpenSSL 1.0.1 libraries. The exploit targets web services via the TLS extension for heartbeat.
Most Pharos products are based upon Microsoft libraries, not OpenSSL. Pharos EDI and SignUp rely on Microsoft IIS. MobilePrint relies upon .NET Web-API. These systems use Microsoft SSL libraries, such as SChannel, not OpenSSL.
Not all supporting libraries are Microsoft. Each Development team is evaluating their non-Microsoft libraries to confirm whether any Pharos products are affected.
Thus far, Development has finished their review of the following products and concluded that they are not affected.
- Uniprint - All versions
- Blueprint - All versions
- MobilePrint - All versions
- Omega PSX - Firmware 1.1.4
- Omega PS200 - Firmware 1.0.1
- Omega PS60 - Firmware 1.1.4
- Omega PS60B - Firmware 1.0.0
We'll continue to post updates to this article as we continue evaluating all of our products.
Additional read: Pharos Product Update: Heartbleed Announcement