First published: 07:00 pm on December 26, 2022 (2022-12-26T17:00:00+09:00)
Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.
Ricoh is aware of the reported "Threat of folder user password breach"(CVE-2022-43969) that affects certain products and services that Ricoh develops, manufactures, and offers.
The user password for the folder, that is saved to a device with data transmission functionality, may be breached via a malicious ftp server by changing data transmission setting.
List 1 below shows the affected products and services. Ricoh offers measures detailed in the hyperlinked pages in the list.
Products and services not mentioned in List 1 are currently under security investigation. Please note that this page will be updated if there is change in status.
Vulnerability Information ID | ricoh-2022-000002 |
Version | 1.00E |
CVE ID(CWE ID) | CVE-2022-43969 ( CWE-255 ) |
CVSSv3 score | 9.1 CRITICAL |
List 1: Ricoh products and services affected by this vulnerability
Product/service | Link to details |
Pro C5300S/C5310S | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000019-2022-000002 |
M C2001 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000018-2022-000002 |
IM C530F/IM C530FB | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000017-2022-000002 |
IM 350F/350/430F/430Fb | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000016-2022-000002 |
MP 305+ | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000015-2022-000002 |
IM 350/430Fb | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000014-2022-000002 |
IM 550F/600F/600SRF | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000013-2022-000002 |
IM 7000/8000/9000 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000012-2022-000002 |
MP 2555/3055/3555/4055/5055/6055 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000011-2022-000002 |
IM 2500/3000/3500/4000/5000/6000 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000010-2022-000002 |
M 2700/2701/2702 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000009-2022-000002 |
IM C400F/IM C300F/IM C300/IM C400SRF | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000008-2022-000002 |
IM C2000/C2500 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000007-2022-000002 |
IM C5500/C6000 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000006-2022-000002 |
IM C3000/C3500/C4500 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000005-2022-000002 |
RICOH MP C2004/MP C2504 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000004-2022-000002 |
RICOH MP C5504/C6004 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000003-2022-000002 |
RICOH MP C3004/C3504/C4504 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000002-2022-000002 |
IM C6500/C8000 | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000001-2022-000002 |
Contact
Please contact your local Ricoh representative or dealer if you have any queries.
Acknowledgement:
Ricoh would like to thank Wouter Arts and Geert Braakhekke of WTH Security for reporting this vulnerability.
History:
2022-12-26T17:00:00+09:00 : 1.00E Initial public release