Alerts & Security Vulnerability Announcements
Notice of security vulnerabilities affecting RICOH M C240FW, RICOH P C200W, and RICOH M C550SRF
Several CVEs listed below have been issued affecting the identified devices.
April 4, 2023
Ricoh is aware of the following vulnerabilities affecting the RICOH M C240FW, RICOH P C200W, and RICOH M C550SRF that could potentially be leveraged by an attacker to remotely execute arbitrary code or escalate privileges on a device already compromised by an attacker.
Ricoh has already taken steps to address the vulnerabilities for the affected devices listed here.
Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for customers around the world.
CVE-2023-23560 – Server-Side Request Forgery: Vulnerability that can be leveraged to remotely execute arbitrary code.
CVE-2023-26063 – Postscript Buffer Overflow: A type confusion vulnerability that can be leveraged to remotely execute arbitrary code.
CVE-2023-26064 – Postscript Buffer Overflow: An out of bounds write vulnerability that can be leveraged to remotely execute arbitrary code.
CVE-2023-26065 – Postscript Buffer Overflow: An integer overflow vulnerability that can be leveraged to remotely execute arbitrary code.
CVE-2023-26066 – Postscript Buffer Overflow: An improper stack validation vulnerability that can be leveraged to remotely execute arbitrary code.
CVE-2023-26067 – Input Validation: An input validation vulnerability that can be leveraged on an already compromised device to escalate privileges. Can only be exploited on a device that has already been compromised by other means.
CVE-2023-26068 – Embedded Web Server: An embedded web server input sanitization vulnerability that can be leveraged to remotely execute arbitrary code.
CVE-2023-26069 – Web API: A web API input validation vulnerability that can be leveraged to remotely execute arbitrary code.
Resolution: Ricoh has issued updated firmware for the affected models to ensure security. The updated firmware supersedes any previously recommended workarounds and addresses all vulnerabilities.
For the RICOH M C240FW and RICOH P C200W, please visit the following links to download the latest firmware and follow the steps to install.
RICOH M C240FW: http://support.ricoh.com/bb/html/dr_ut_e/rc3/model/mc240fw/mc240fw.htm
RICOH P C200W: http://support.ricoh.com/bb/html/dr_ut_e/rc3/model/pc200w/pc200w.htm
For the RICOH M C550SRF, please contact Ricoh at 1-800-637-4264, option 3 or 4, to schedule a service appointment to install the latest firmware to your device.
Notice on potential impact of vulnerability CVE-2022-43969
First published: December 28, 2022
Ricoh is aware of CVE-2022-43969, which is in the process of being published. This vulnerability could potentially allow certain usernames and passwords to be leaked via Web Image Monitor and could impact devices using a Ricoh controller.
Ricoh has already developed patches for many impacted devices, listed here. Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for customers around the world.
We encourage all Ricoh customers who use models listed on this webpage to reset your administrative password to reduce potential risk. We are working rapidly to develop all required patches and as they become available, more information will be provided on that webpage
Rogers nationwide outage — Ricoh Canada has enacted our BCP to continue to provide support to our customers
On Friday, July 8, 2022, telecommunications giant Rogers experienced a nationwide outage that continues to impact wireless, cable, internet and data centre customers. At Ricoh Canada, this is impacting network access for some of our teammates as well as our RCloud customers. While we continue to monitor the situation closely, we’ve enacted our BCP and are available to support our customers. For service calls, please email us at servicecall@ricoh.ca. For general enquiries we can be reached via our website at ricoh.ca, or by email at ricohcanada@ricoh.ca
Notice of the potential impact of CVE-2022-22963 and Spring4Shell vulnerability CVE-2022-22965 on Ricoh products and services
First published: April 6, 2022
Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for customers around the world. Ricoh is aware of these vulnerabilities disclosed by VMware:
CVE-2022-22963, a remote code execution in Spring Cloud Function by malicious Spring Expression
Spring4Shell (CVE-2022-22965), a remote code execution in Spring Framework via Data Binding on Java Development Kit (JDK) version 9 or later
We are working with our security experts to address this as a high-priority issue and are now investigating which products or services may be affected. We will publish an advisory for the affected models. As of April 6, 2022, we have confirmed that these vulnerabilities do not affect the following main Ricoh products and services:
Ricoh Smart Integration (RSI) Platform and its applications
RICOH Streamline NX V2, V3
Multifunction Printers
As more information becomes available, we will update this web page.
Notice on potential impact of vulnerability towards Ricoh products and services
First published: March 8, 2022
Ricoh is aware of the registration of CVE-2021-33945, a vulnerability that could potentially allow denial-of-service (DoS) attacks by causing certain MFPs/printers to consume large amounts of memory. This vulnerability is due to module behavior, and Ricoh products that use this module are listed here as affected products.
Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for customers around the world.
Ricoh will release firmware updates here as they become available.
WORKAROUND FOR CUSTOMERS USING IMPACTED PRODUCTS
When using products impacted by this security issue, Ricoh strongly advises that customers use SSID (Service Set Identifier) and a password and avoid using a WPS (Wi-Fi® Protected Setup) connection when establishing a wireless connection. Please refer to the following steps:
Notice: Potential impact of Apache Log4j vulnerability towards Ricoh products and services
Last updated: January 5, 2022
First published: December 15, 2021
Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.
Ricoh is aware of the reported Apache Log4j 2 remote code execution vulnerabilities Apache Log4j is an open-source logging JAVA-based library offered by Apache Software Foundation. Ricoh is currently investigating if any Ricoh products and services may be potentially impacted by these vulnerabilities, including:
Servers operating with Apache Log4j are potentially threatened, allowing a third party to remotely access the server and execute remote code by sending modified data to exploit this vulnerability.
Ricoh confirmed the following products and services that it develops, manufactures, and offers are not impacted by the CVE-2021-44228 vulnerability. Ricoh products and services not listed are under ongoing investigation.
Production Printers were listed as not being impacted as of December 16, however, investigation is ongoing. Updates will be provided as they are available.
For products and solutions from vendors other than Ricoh, we recommend customers to confirm latest information directly with relevant vendors.
Ricoh is committed to supporting customers across the globe, enabling them to operate Ricoh products equipped with the latest security settings. Additional updates on impacted Ricoh products and services and related countermeasures will be provided promptly on this page as they become available.
Notice on Microsoft Windows Print Spooler Vulnerability – July 7, 2021
Ricoh is https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527aware of the security vulnerability, commonly called "Print Nightmare," registered as CVE-2021-34527 and published by Microsoft on July 1, 2021.
The vulnerability allows remote code execution by a standard Microsoft Active Domain user by exploiting vulnerabilities in the print spooler process used by all Microsoft operating systems. Ricoh print drivers are not directly affected by this vulnerability, however, because print drivers for Microsoft Windows operating systems make use of the printer spooler process, any potential mitigation might affect the ability to print or otherwise properly use print drivers.
The security and integrity of our customer's data and devices is of the utmost importance to Ricoh. In light of Microsoft releasing security updates as of July 6, we advise our customers to refer to the Microsoft advisory page.
Please note that a closely related vulnerability (registered under CVE-2021-1675) has been patched by Microsoft recently.
Updates will be provided as more information becomes available.
Email Phishing Alert
Business E-mail Compromise (BEC) / phishing scams continue to be a serious issue for companies including Ricoh. It has recently come to our attention that a Phishing email was sent via a Ricoh-usa.com email address. This is not a legitimate email from Ricoh and should immediately be deleted.
We recommend our customers always be vigilant. If you are uncertain of an email’s legitimacy, reach out to your account team for verification and if necessary, block any fraudulent or suspect domains.
We take these matters seriously, and you should, too. We urge you to be cautious with unexpected email requests for personal or financial information, such as banking or other confidential details. Do not respond to these emails.
Learn additional tips for identifying and handling BEC/phishing scams.
Ransomware
Ransomware continues to be a serious issue for businesses. It has recently come to our attention that a small number of Ricoh devices on a restricted testing network have been impacted. These devices contain no customer or confidential information, and are not on the main Ricoh network. We are working with law enforcement and other appropriate third-parties to conduct a forensic investigation.
We take these matters seriously and are committed to completing a full investigation. Should there be more information uncovered, we will update this page accordingly.
Learn additional tips for identifying and handling ransomware.
Update: Printer Security Program issued to address potential vulnerabilities in some of Ricoh’s printer/PC fax drivers
Ricoh released an updated security program to address additional vulnerabilities which may affect some versions of the printer/PC fax drivers used by certain Ricoh MFPs, printers and digital duplicators.
A complete listing of the affected models and how to securely set up your printer/MFP is now available.
Important product safety information (MPC series)
The multifunction color printer models in the MPC series have identified a rare potential safety concern.
Safety concern on select black and white products
A limited number of production runs of some black and white multifunction printers and standalone printers have been identified with a potential safety concern.
LAN-Fax Generic Driver Upgrade Advisory
Ricoh has identified an irregularity in LAN-Fax Generic Driver, Ver.10.0.0.0 and Ver.10.1.0.0, software used to send faxes from a PC. By obtaining a free download of the latest version of the software, this can be avoided.
Notice on CPU Vulnerabilities - Meltdown and Spectre
Ricoh is aware of the news regarding two security vulnerabilities called "Spectre" and "Meltdown" which were publicly disclosed on January 3, 2018. Both highlight the potential to extract information from a CPU cache by exploiting certain CPU hardware implementation mechanisms.
The security and integrity of our customers' data and devices remains of utmost importance to Ricoh. We are currently investigating to confirm whether any of our devices include and/or are affected by these vulnerabilities.
With this vulnerability there is the potential to extract information from a CPU cache by exploiting certain CPU implementation mechanisms. For this to occur, malicious code would need to be executed on the device.
Our Ricoh MFP/LPs only allow installation of programs which have been digitally signed by Ricoh. This means it is not possible for a malicious program exploiting this vulnerability to be installed on the device.
We are not aware of any data or security breaches to any of our customers at this time.
Our technology and security experts continue to work closely with other hardware and operating system vendors to develop an industry-wide approach to resolve this issue promptly and constructively.
As more information becomes available we will provide updates to this web page.
WannaCry statement
WannaCry is ransomware that targets computers running Windows. After encrypting data on an infected system, it demands payment before you can regain access to your data. WannaCry has infected many computers around the world, and many organizations have started implementing countermeasures.
We are committed to keeping our products and services as secure as possible for our clients around the world. At this time, we are actively monitoring the situation and working to take appropriate measures.
Learn more about how we're addressing the WannaCry vulnerability