The OpenSSL TLS heartbeat read overrun defect (CVE-2014-0160), termed "Heartbleed", specifically affects the OpenSSL 1.0.1 libraries.  The exploit targets web services via the TLS extension for heartbeat.

 

https://www.openssl.org/news/secadv_20140407.txt

 

Most Pharos products are based upon Microsoft libraries, not OpenSSL.  Pharos EDI and SignUp rely on Microsoft IIS.  MobilePrint relies upon .NET Web-API.  These systems use Microsoft SSL libraries, such as SChannel, not OpenSSL.

 

http://blogs.technet.com/b/erezs_iis_blog/archive/2014/04/09/information-about-heartbleed-and-iis.aspx

 

Not all supporting libraries are Microsoft.  Each Development team is evaluating their non-Microsoft libraries to confirm whether any Pharos products are affected.

 

Thus far, Development has finished their review of the following products and concluded that they are not affected.

  • Uniprint - All versions
  • Blueprint - All versions
  • MobilePrint - All versions
  • Omega PSX - Firmware 1.1.4
  • Omega PS200 - Firmware 1.0.1
  • Omega PS60 - Firmware 1.1.4
  • Omega PS60B - Firmware 1.0.0

 

We'll continue to post updates to this article as we continue evaluating all of our products.

 

Additional read: Pharos Product Update: Heartbleed Announcement