OpenSSL TLS heartbeat read overrun defect (Heartbleed)


Are Pharos products affected by the OpenSSL "Heartbleed" defect?


The OpenSSL TLS heartbeat read overrun defect (CVE-2014-0160), termed "Heartbleed", specifically affects the OpenSSL 1.0.1 libraries. The exploit targets web services via the TLS heartbeat extension.

https://www.openssl.org/news/secadv_20140407.txt
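
As an added example (not Pharos code and not part of the original article), the following Python function triages OpenSSL version banners against the affected range given in the OpenSSL advisory linked above: 1.0.1 through 1.0.1f, plus 1.0.2-beta and 1.0.2-beta1. The function name and the sample banners are constructed for illustration.

```python
import re

# Version ranges taken from the OpenSSL advisory for CVE-2014-0160:
#   affected: 1.0.1 through 1.0.1f, 1.0.2-beta and 1.0.2-beta1
#   fixed:    1.0.1g and later, 1.0.2-beta2 and later
# The 0.9.8 and 1.0.0 branches never contained the heartbeat code.
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-(beta\d*|pre\d*|dev))?")
_AFFECTED_LETTERS = ("", "a", "b", "c", "d", "e", "f")


def heartbleed_status(banner):
    """Classify a version banner as 'affected', 'not affected' or 'unknown'.

    'affected' means the version is in the vulnerable range. Confirm with the
    package changelog: distributions backported the fix without changing the
    letter, and builds made with -DOPENSSL_NO_HEARTBEATS are not exposed.
    """
    m = _VERSION.search(banner)
    if m is None:
        return "unknown"  # no OpenSSL-style version string in the banner
    branch = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter, prerelease = m.group(4), m.group(5)

    if branch == (1, 0, 1):
        if prerelease:
            return "unknown"  # 1.0.1 pre-releases are not named in the advisory
        return "affected" if letter in _AFFECTED_LETTERS else "not affected"
    if branch == (1, 0, 2):
        return "affected" if prerelease in ("beta", "beta1") else "not affected"
    # Earlier branches lack heartbeat support; later ones carry the fix.
    return "not affected"


# Constructed sample banners in the format printed by `openssl version`.
SAMPLES = [
    "OpenSSL 1.0.1e 11 Feb 2013",
    "OpenSSL 1.0.1g 7 Apr 2014",
    "OpenSSL 1.0.2-beta1 24 Feb 2014",
    "OpenSSL 0.9.8y 5 Feb 2013",
    "Microsoft SChannel",
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(f"{heartbleed_status(banner):13} {banner}")
```

A result of `unknown` for a non-OpenSSL banner means the version check does not apply to that library, not that the library has been cleared.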

Most Pharos products are based upon Microsoft libraries, not OpenSSL.  Pharos EDI and SignUp rely on Microsoft IIS.  MobilePrint relies upon .NET Web-API.  These systems use Microsoft SSL libraries, such as SChannel, not OpenSSL.

http://blogs.technet.com/b/erezs_iis_blog/archive/2014/04/09/information-about-heartbleed-and-iis.aspx

Not all supporting libraries are from Microsoft. Each Development team is evaluating its non-Microsoft libraries to confirm whether any Pharos products are affected.

Thus far, Development has finished its review of the following products and concluded that they are not affected.

  • Uniprint - All versions

  • Blueprint - All versions

  • MobilePrint - All versions

  • Omega PSX - Firmware 1.1.4

  • Omega PS200 - Firmware 1.0.1

  • Omega PS60 - Firmware 1.1.4

  • Omega PS60B - Firmware 1.0.0

We'll post updates to this article as we continue evaluating all of our products.