Service Provider Info No.

: SI1950228

CMD-V4: New security Firmware 2011

Relevant products/components:

BANKING COMPONENTS

Cash Dispenser:

-CMD V4
-CMD V4 SNR
-CMD V4 SE

Firmware Data
System / component CMD-V4
Firmware file name(s) CMD_V4_0.BIN
FW Mat No Modseq
$MOD$ 180622 2011 CMD_V4_0.BIN
New FW Version 2011 Replaced FW version 2010
Release date 04.07.2018 Firmware supplier Diebold Nixdorf
Project release: YES If yes, reason: it is not global released yet

Dependencies
Hardware No dependencies
CMD-V4 Boot Loader $MOD$ 140926 2000 CMD_BOOT.BIN
Software Some features / bug fixes included in this firmware version are only available in combination with a platform
software update. Therefore, it is highly recommended to update the firmware together with the actual
ProBase version.

The Firmware requires Security Enhancement Upgrade Paket, PRJ_303 (1.2/xx).

Information concerning the firmware

In firmware 2011 it is possible to deactivate the encryption by pressing the function button (function 6).
The procedures for the operator(s) for HW authentication have changed since FW 2010 and described below.

For the authentication process to run, at least one cash cassette must be inserted in the system and another slot (for cash cassettes) must be available (either
empty or equipped with a cash cassette). The Retract/Reject cassette is not required because it cannot be inserted into another slot. Defective cash cassettes
should be removed first!
If this minimum requirement is not met, the authentication process is terminated.

Hardware authentication can only take place when the safe door is open. The dispenser must be in working position in the safe (safety switch must be closed). To
prevent tampering with the safe door switch and the wiring, two cassettes must be replaced. An "exchange" means that the cassettes must be completely
removed and inserted again in the slot of the other cassette. If there is only one cassette in the system, the change to another (empty) slot is displayed.

The sequence is guided and supported by optical (7-segment display) and acoustic signals (beeper) of the system. The specifications as to which cassettes are to
be changed or which cassette is to be inserted in which empty slot are also made randomly by the firmware.
The complete hardware authentication process consists of two parts. In the first part the operator is asked to exchange the cassettes, in the second part then to
exchange them back!

Two cassettes, or one cassette and one empty slot, are selected from the inserted cassettes and displayed on the 7-segment display with Cx (e.g. "C2") and Cy
(e.g. "C3").

X and y stand for the two slots between which the cassette(s) are to be exchanged.

The display changes between: "Cx" =>"Cy" => no display =>"Cx" =>"Cy" => no display => ...

Cx Cy

Version: 1
Date: 01.03.2019 08:09:08
Partner confidential
 Service Provider Info No.: SI1950228

The exchange is complete once both cassettes have been inserted into the requested shafts or once the only cassette has been inserted into the requested shaft.
The firmware acknowledges this with an longer signal tone and the very short display "HC" (Attention, the display is hardly visible or not visible at all!) The slightly
longer signal tone mixes with the signaling of the inserted cassettes.

After the successful completion of the first part of the authentication, the part where the cassettes are to be put back into their original place now takes place.
First, the required cassettes are output again on the 7-segment display.

The display changes between: "Cy" =>"Cx" => no display =>"Cy" =>"Cx" => no display => ...

Cy Cx

The operator is now stopped to exchange the requested cassettes in the shafts. At first it has 15sec (on request via push-button function 6) or 20sec (on request
via command DSH via T/SOP) time to start cassette handling. As soon as the firmware detects that the required cassettes are being fed or removed in the
required slots, the time is extended by 15 seconds each time.
If the operator allows this waiting time to elapse, authentication is also aborted with the display "HF" and a RESET is performed.

Authentication is not completed until both parts have been successfully completed.
It is important that the system remains in the safe during authentication. Any removal of cassettes from other shafts or the reject/retract box leads to immediate
termination of the action. The insertion of any cassettes into other positions, the insertion of a reject/retract box or the insertion of unsolicited cassettes into the
corresponding slots also leads to immediate demolition.

Cassettes that are back in their original location after hardware authentication remain in their original status ("Ready", "New",...). Only if cassettes are not in their
original location, or if the reject/retract box has been removed/inserted, then the status for these changes to "New".

If the sequence was executed successfully, the controller displays "H0" - "Hardware Authentication Ok". If an error occurs during the sequence, the controller
displays "HF" - "Hardware Authentication - Failed". A SW reset is done in both cases.

H0 HF

If the authentication process is aborted for any reason or is not successful, all encryption parameters remain unaffected and the encryption itself remains active!

Important: The procedures have only been changed for hardware authentication (push-button function 6). The procedures for the E2E hardware authentication
push-button function 7) have not been changed.

Version: 1
Date: 01.03.2019 08:09:08
Partner confidential