Update (Added eight vulnerabilities): A Server-Side Request Forgery vulnerability
Last updated: 12:00 pm on April 10, 2023 (2023-04-10T11:00:00+09:00)
First published: 04:00 pm on February 21, 2023 (2023-02-21T14:00:00+09:00)
Ricoh Company, Ltd.
Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.
Ricoh has identified a Server-Side Request Forgery (SSRF) vulnerability(CVE-2023-23560) in some of our devices listed below.
SSRF can occur because of a lack of input validation.
Successful exploitation of this vulnerability can lead to an attacker being able to remotely execute arbitrary code on a device. Please refer to the following URL for further details:
https://nvd.nist.gov/vuln/detail/CVE-2023-23560
Update (Added eight vulnerabilities): 10th April 2023
CVE-2023-26063: Type confusion may occur with PostScript interpreter.
CVE-2023-26064: Out of bounds write may occur with PostScript interpreter.
CVE-2023-26065: Integer overflow may occur with PostScript interpreter.
CVE-2023-26066: Stack may be improperly validated with PostScript interpreter.
CVE-2023-26067: Lack of input validation may be leveraged by an attacker who has already compromised the device to escalate privileges.
CVE-2023-26068: The Embedded Web Server may not properly sanitize input data.
CVE-2023-26069: Arbitrary code may be executed due to lack of input validation in the Web API.
CVE-2023-26070: Arbitrary code may be executed due to lack of input validation in the SNMP feature.
Successful exploitation of these vulnerabilities can lead to an attacker being able to remotely execute arbitrary code on a device.
| Vulnerability Information ID | ricoh-2023-000002 |
| Version | 1.01E |
| CVE ID(CWE ID) | CVE-2023-23560 (CWE-918,CWE-20,CWE-77) CVE-2023-26063 (CWE-843) CVE-2023-26064 (CWE-847) CVE-2023-26065 (CWE-190) CVE-2023-26066 (CWE-129)CVE-2023-26067 (CWE-20,CWE-269)CVE-2023-26068 (CWE-20,CWE-267) CVE-2023-26069 (CWE-20)CVE-2023-26070 (CWE-20) |
| CVSSv3 score | 9.0 CRITICAL |
List 1: Ricoh products and services affected by this vulnerability
| Product/service | Link to details |
| M C240FW | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000067-2023-000002 |
| P C200W | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000065-2023-000002 |
Contact
Please contact your local Ricoh representative or dealer if you have any queries.
History:
2023-04-10T11:00:00+09:00 : 1.01E Added eight vulnerabilities
2023-02-21T14:00:00+09:00 : 1.00E Initial public release
News & Events
Keep up to date
- 09Dec
Free RICOH Webinar Series : "Beyond the Limits: Cloud-Powered Security, Networks, and Data Analytics"
- 06Dec
RICOH Thailand has received the Operator Recognition Award for over 20 years of continuous Thai green label certified, along with the annual Green Label Certification Award from the Thai Environmental Institute (TEI)
- 04Dec
Ricoh selected amongst the Financial Times “Best Employers Asia- Pacific 2025”
- 14Nov
Ricoh IM C320F Wins a 2025 Pick Award from Keypoint Intelligence