Alerts & Security Vulnerability Announcements
First published: May 26, 2025
Ricoh has been made aware of Microsoft's decision to discontinue support for basic authentication for sending emails using the SMTP protocol in Exchange Online as of September 2025. Following this change, OAuth2.0 authentication will be required on applications and devices when using the SMTP protocol to send emails.
This notice explains which Ricoh product functions are affected by the deprecation and the planned schedule for OAuth2.0 authentication support.
Affected functions
After basic authentication is discontinued, an error will occur when sending emails using the following functions:
Sending email using the scan function
Sending internet fax
Sending fax to an email address
On-demand Email Notification (function that notifies machine status by email)
Auto Email Notification (function that sends error notification to a designated administrator email address)
Sending error notification when using Mail to Print
Ricoh's response to this change
Firmware supporting OAuth2.0 authentication will be made available starting July 2025. Please refer to section 3 at this page, “Supported models and OAuth2.0 authentication firmware schedule,” for details.
If your device does not support automatic firmware updates or if automatic firmware updates are not enabled, then updates must be applied manually using the RICOH Firmware Update Tool. After the firmware is updated, you will also need to configure the authentication settings from Web Image Monitor. For detailed instructions, please refer to the document, “Guide to set up OAuth2.0 authentication for sending Microsoft Exchange Online email,” below.
Ricoh’s current recommendation
Until firmware for OAuth2.0 authentication is available for your product, we recommend switching to methods that do not rely on email transition or using email services other than Exchange Online.
For more information on this topic, including a projected schedule of firmware release dates by product, please refer to https://www.ricoh.com/info/2025/0526_1.
First published: March 20, 2025
Ricoh is aware of the following vulnerabilities affecting the RICOH M C240FW, RICOH P C200W, and RICOH M C550SRF that can allow arbitrary code to be executed remotely.
Ricoh has already taken steps to address these vulnerabilities for the affected models.
Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies for customers around the world.
Vulnerabilities
CVE-2024-11344: A type confusion vulnerability has been identified in the Postscript interpreter. CVE-2024-11345: A heap-based memory vulnerability has been identified in the Postscript interpreter. CVE-2024-11346: A type confusion vulnerability has been identified in the Postscript interpreter. CVE-2024-11347: An integer overflow vulnerability has been identified in the Postscript interpreter. CVE-2025-1127: A combination Path Traversal and Concurrent Execution vulnerability exists within the embedded web server.
Resolution
Ricoh has issued updated firmware for the affected models to ensure continued security. The updated firmware supersedes any previous firmware updates and/or workarounds, and addresses all known vulnerabilities.
For the RICOH M C240FW and RICOH P C200W, please visit the following links to download the latest firmware and follow the steps to install.
RICOH M C240FW: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000067-2025-000003
RICOH P C200W: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000065-2025-000003
For the RICOH M C550SRF, please contact Ricoh at 1-800-637-4264, and choose option 3 or 4, to schedule a service appointment to install the latest firmware for your device.
First published: October 31, 2024
Ricoh is aware of a buffer overflow vulnerability when using the Web Image Monitor that could potentially allow a denial of service (DoS) or remote code execution attack.
Ricoh understands the importance of security and is committed to securing its products and services for customers worldwide, and has taken the necessary actions to address this vulnerability.
Recommended User Action
Please visit https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000011 for a full list of the affected products.
If your Ricoh device is included, please click the link listed for your device to access its support page and download and install the latest firmware for your device.
For questions related to this advisory, please contact your local Ricoh representative or dealer.
Published: August 6, 2024
Ricoh has identified a vulnerability in Java VM Platform that would automatically enable outdated TLS versions (TLS 1.0 and TLS 1.1) when a firmware update is performed by Ricoh’s firmware update tool.
Ricoh understands the importance of security and is committed to securing its products and services for customers worldwide.
Ricoh has taken steps to address this vulnerability. Please visit the hyperlinks for the affected products listed below for detailed information, including countermeasures to ensure the continued security of your Ricoh product.
For questions related to this advisory, please contact your local Ricoh representative or dealer.
Published: July 29, 2024
Ricoh is aware of a reported heap buffer overflow vulnerability in WebRTC affecting certain products and services that Ricoh develops, manufactures, and offers.
Heap buffer overflow can allow a remote attacker to perform an out of bounds memory write via a crafted HTML page. Please make sure not to use the affected RICOH products or services to view any untrusted sources (URLs or files).
Ricoh understands the importance of security and is committed to securing its products and services for customers worldwide and has taken steps to address this vulnerability.
Please visit the hyperlinks for each product/service listed below for further details and recommended measures to ensure the continued security of your Ricoh product.
Product | Link for details |
RICOH Interactive Whiteboard Controller OP-10/OP-5/OP-5 Type2 | https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000079-2024-000009 |
RICOH Interactive Whiteboard Controller Type 2 | https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000092-2024-000009 |
RICOH Interactive Whiteboard Controller Type 3 | https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000093-2024-000009 |
For questions related to this advisory, please contact your local Ricoh representative or dealer.
Published: July 9, 2024
Ricoh is aware of a buffer overflow vulnerability creating the possibility of a denial of services (DoS) attack or partial data destruction caused by a remote attacker. No arbitrary code can be executed.
Ricoh understands the importance of security and is committed to securing its products and services for customers worldwide, and has taken steps to address this vulnerability in the products listed below.
Please visit the hyperlinks for each product for further details and recommended measures to update your firmware to ensure the continued security of your Ricoh product.
Product | Link for details |
|---|---|
RICOH IP C8500 | https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000165-2024-000008 |
RICOH IM 370/370F/460F/460FTL | https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000160-2024-000008 |
RICOH IM C7010 | https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000159-2024-000008 |
RICOH IM C2010/C2510 | https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000158-2024-000008 |
RICOH IM C4510/C5510/C6010 | https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000157-2024-000008 |
RICOH IM C3010/C3510 | https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000156-2024-000008 |
For questions related to this advisory, please contact your local Ricoh representative or dealer.
First published: June 18, 2024
Ricoh is aware of several vulnerabilities affecting the PC Client of Streamline NX V3 listed here.
Ricoh understands the importance of security and is committed to securing its products and services for customers worldwide.
Ricoh has taken steps to address these vulnerabilities. Please visit the hyperlinks for each vulnerability below with further details and recommended measures to update your version of Streamline NX and ensure its continued security.
Vulnerability | Affected versions | Link for details |
|---|---|---|
Arbitrary code execution vulnerability caused by ECF library implementation. | v3.6.x and earlier | https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000077-2024-000004 |
Vulnerability that an attacker can escalate privileges to NT Authority\System on the OS where RICOH Streamline NX PC Client is installed. | v3.7.2 and lower | https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000077-2024-000005 |
Vulnerability that an attacker can write arbitrary property files at any place of the filesystem. | v3.2.1.19, v3.3.1.3, v3.3.2.201, v3.4.3.1, v3.5.1.201 (3.5.1.200op1), v3.6.100.53, v3.6.2.1 | https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000077-2024-000006 |
Vulnerability that an attacker can read and delete any file on the operating system. | v3.2.1.19, v3.3.1.3, v3.3.2.201, v3.4.3.1, v3.5.1.201 (3.5.1.200op1), v3.6.100.53, v3.6.2.1 | https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000077-2024-000007 |
For questions related to this advisory, please contact your local Ricoh representative or dealer.
First published: February 5, 2024
Ricoh has identified vulnerabilities in the PostScript interpreter (CVE-2023-50734, CVE-2023-50735, CVE-2023- 50736) and an input validation vulnerability in the SE Menu (CVE-2023-50737) towards certain Ricoh products.
Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for customers around the world.
Vulnerabilities
CVE-2023-50734: Buffer overflow vulnerability in PostScript interpreter that can be leveraged by an attacker to execute arbitrary code.
CVE-2023-50735: Heap corruption vulnerability in PostScript interpreter that can be leveraged by an attacker to execute arbitrary code.
CVE-2023-50736: Memory corruption vulnerability in PostScript interpreter that can be leveraged by an attacker to execute arbitrary code.
CVE-2023-50737: Vulnerability in one of the SE menu routines can be leveraged by an attacker to execute arbitrary code.
Affected products
RICOH M C240FW, RICOH P C200W, and RICOH M C550SRF
Resolution
Ricoh has issued updated firmware to ensure the security of the affected products.
For the RICOH M C240FW and RICOH P C200W, please visit the following webpages for further details, and how to download and install the latest firmware:
RICOH M C240FW:https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000067-2024-000001
RICOH P C200W: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000065-2024-000001
For the RICOH M C550SRF, please contact Ricoh at 1-800-637-4264, and choose option 3 or 4 to schedule a service appointment to install the latest firmware to your device.
Dec. 11, 2024: DocuWare has notified Ricoh of a potential phishing attempt. Two domain names that include DocuWare were recently registered and feature a “0” in place of an “o”. They are:
docuware-notificati0n.com
docuware-notificati0n.net
DocuWare and Ricoh have taken measures to block all such domains and we strongly recommend DocuWare users do the same. We encourage all users to exercise vigilance about checking the domain name from which emails are received. Always remember to check the spelling to be sure the email is from a trusted DocuWare domain.
Should you have additional questions, please visit https://support.docuware.com/ .
First published: November 20, 2023
Ricoh understands the importance of security and is committed to securing its products and services for customers worldwide.
Ricoh is aware of the reported "Apache ActiveMQ remote code execution vulnerability" (CVE-2023-46604) affecting certain products and services that Ricoh develops, manufactures, and offers.
The list below indicates the affected products and services. Please visit the corresponding links for measures to ensure proper security.
Ricoh products and services affected by this vulnerability
RICOH Interactive Whiteboard D5500: Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000088-2023-000005
RICOH Interactive Whiteboard D5510: Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000089-2023-000005
RICOH Interactive Whiteboard D2200: Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000090-2023-000005
RICOH Interactive Whiteboard Controller Type 1: Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000091-2023-000005
RICOH Interactive Whiteboard Controller Type 2: Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000092-2023-000005
RICOH Interactive Whiteboard Controller Type 3: Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000093-2023-000005
RICOH Interactive Whiteboard Lt: Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000094-2023-000005
RICOH Interactive Whiteboard Lt for Open Controller: Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000095-2023-000005
First published: April 6, 2022
Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for customers around the world. Ricoh is aware of these vulnerabilities disclosed by VMware:
CVE-2022-22963, a remote code execution in Spring Cloud Function by malicious Spring Expression
Spring4Shell (CVE-2022-22965), a remote code execution in Spring Framework via Data Binding on Java Development Kit (JDK) version 9 or later
We are working with our security experts to address this as a high-priority issue and are now investigating which products or services may be affected. We will publish an advisory for the affected models. As of April 6, 2022, we have confirmed that these vulnerabilities do not affect the following main Ricoh products and services:
Ricoh Smart Integration (RSI) Platform and its applications
RICOH Streamline NX V2, V3
Multifunction Printers
As more information becomes available, we will update this web page.
First published: March 8, 2022
Ricoh is aware of the registration of CVE-2021-33945, a vulnerability that could potentially allow denial-of-service (DoS) attacks by causing certain MFPs/printers to consume large amounts of memory. This vulnerability is due to module behavior, and Ricoh products that use this module are listed here as affected products.
Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for customers around the world.
Ricoh will release firmware updates here as they become available.
When using products impacted by this security issue, Ricoh strongly advises that customers use SSID (Service Set Identifier) and a password, and avoid using a WPS (Wi-Fi® Protected Setup) connection when establishing a wireless connection. Please refer to the following steps:
| Models with touch panel | Models with 4-line LCD panel | Models with 2-line LCD panel | Models without LCD panel | |
|---|---|---|---|---|
| Network connection by selecting an access point from the network list |
|
|
|
- |
| Network connection by direct input of SSID |
|
|
|
|
Last updated: January 5, 2022
First published: December 15, 2021
Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.
Ricoh is aware of the reported Apache Log4j 2 remote code execution vulnerabilities Apache Log4j is an open-source logging JAVA-based library offered by Apache Software Foundation. Ricoh is currently investigating if any Ricoh products and services may be potentially impacted by these vulnerabilities, including:
Servers operating with Apache Log4j are potentially threatened, allowing a third party to remotely access the server and execute remote code by sending modified data to exploit this vulnerability.
Ricoh confirmed the following products and services that it develops, manufactures, and offers are not impacted by the CVE-2021-44228 vulnerability. Ricoh products and services not listed are under ongoing investigation.
Production Printers were listed as not being impacted as of December 16, however, investigation is ongoing. Updates will be provided as they are available.
For products and solutions from vendors other than Ricoh, we recommend customers to confirm latest information directly with relevant vendors.
Ricoh is committed to supporting customers across the globe, enabling them to operate Ricoh products equipped with the latest security settings. Additional updates on impacted Ricoh products and services and related countermeasures will be provided promptly on this page as they become available.