First level navigation Menu
Full Frame Shot Of Coding

Alerts & Security Vulnerability Announcements

 

Notice of the potential impact of CVE-2022-22963 and Spring4Shell vulnerability CVE-2022-22965 on Ricoh products and services

First published: April 6, 2022
 
Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for customers around the world.
 
Ricoh is aware of these vulnerabilities disclosed by VMware:
 
  • CVE-2022-22963, a remote code execution in Spring Cloud Function by malicious Spring Expression
  • Spring4Shell (CVE-2022-22965), a remote code execution in Spring Framework via Data Binding on Java Development Kit (JDK) version 9 or later
 
We are working with our security experts to address this as a high-priority issue and are now investigating which products or services may be affected. We will publish an advisory for the affected models. As of April 6, 2022, we have confirmed that these vulnerabilities do not affect the following main Ricoh products and services:
 
  • Ricoh Smart Integration (RSI) Platform and its applications
  • RICOH Streamline NX V2, V3
  • Multifunction Printers
 
As more information becomes available, we will update this web page.

Notice on potential impact of vulnerability towards Ricoh products and services

First published:  March 8, 2022

 

Ricoh is aware of the registration of CVE-2021-33945, a vulnerability that could potentially allow denial-of-service (DoS) attacks by causing certain MFPs/printers to consume large amounts of memory. This vulnerability is due to module behavior, and Ricoh products that use this module are listed here as affected products.
 
Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for customers around the world.
 
Ricoh will release firmware updates here as they become available. 
 

WORKAROUND FOR CUSTOMERS USING IMPACTED PRODUCTS

When using products impacted by this security issue, Ricoh strongly advises that customers use SSID (Service Set Identifier) and a password and avoid using a WPS (Wi-Fi® Protected Setup) connection when establishing a wireless connection. Please refer to the following steps:

 

 

Models with touch panel

Models with 4-line LCD panel

Models with 2-line LCD panel

Models without LCD panel

Network connection by selecting an access point from the network list

1.       At the home screen, select “Setting” and “Network Settings.” If there is a password set up, please enter the administrator password.

  1. Select “Wi-fi Configuration” and then “Setup Wizard”
  2. Select an access point from the list of SSID/access points
  3. Enter password to connect

1.       Press Menu key to transition to Settings and select “Wi-Fi Setup Wizard” If there is a password set up, please enter the administrator password.

  1. Select an access point from the list of SSID/access points
  2. Enter password to connect

1.       Press Menu key to transition to Menu and select “Host Interface”, “Network Setup”, “Wi-fi Config”, and “Setup Wizard”.

  1. Select an access point from the list of SSID/access points
  2. Enter password to connect

-           

Network connection by direct input of SSID

  1. At the home screen, select “Setting” and “Network Settings.” If there is a password set up, please enter the administrator password.
  2. Select “enter SSID”
  3. Enter SSID and password to connect to network

 

  1. Press Menu key to transition to Settings and select “Wi-Fi Setup Wizard”. If there is a password set up, please enter the administrator password.
  2. Select “Input SSID” and enter SSID and password to connect to network

 

  1. Press Menu key to transition to Menu and select “Host Interface”, “Network Setup”, “Wi-fi Config”, and “Setup Wizard”.
  2. Select “Input SSID” and enter SSID and password to connect to network

 

  1. Connect your PC with device via USB
  2. Launch Smart Organizing Monitor
  3. Click [User Tool] tab
  4. Click [Printer Configuration] button and input Access Code if necessary.
  5. Click [Wireless] tab
  6. Check “Manual Setup” at “Configuration Method” menu.
  7. Enter SSID and Password to connect to network

 

 

Update: Notice on potential impact of Apache Log4j vulnerability towards Ricoh products and services

Last updated: January 5, 2022
First published: December 15, 2021
 
Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.
 
Ricoh is aware of the reported Apache Log4j 2 remote code execution vulnerabilities Apache Log4j is an open-source logging JAVA-based library offered by Apache Software Foundation. Ricoh is currently investigating if any Ricoh products and services may be potentially impacted by these vulnerabilities, including: 
 
Servers operating with Apache Log4j are potentially threatened, allowing a third party to remotely access the server and execute remote code by sending modified data to exploit this vulnerability.
 
Ricoh confirmed the following products and services that it develops, manufactures, and offers are not impacted by the CVE-2021-44228 vulnerability. Ricoh products and services not listed are under ongoing investigation.
 
Production Printers were listed as not being impacted as of December 16, however, investigation is ongoing. Updates will be provided as they are available.
 
For products and solutions from vendors other than Ricoh, we recommend customers to confirm latest information directly with relevant vendors.
 
Ricoh is committed to supporting customers across the globe, enabling them to operate Ricoh products equipped with the latest security settings. Additional updates on impacted Ricoh products and services and related countermeasures will be provided promptly on this page as they become available.
 

Office Products

Multifunction Printers/Copiers

Black & White MFP

 

Color MFP

 

Wide Format MFP

 

Printers

Color Laser Printers

 

Black & White Laser Printers

 

Gel Jet Printers

 

Handy Printers

 

Printer based MFP

 

FAX

 

 

Digital Duplicators

 

 

Projectors

 

 

Video Conferencing

 

 

Interactive Whiteboards

 

 

Remote Communication Gates

Remote Communication Gate A2

 

 

Remote Communication Gate A

 

 

Remote Communication Gate Type N/L/BN1/BM1

 

 

Software & Solutions

GlobalScan NX

 

 

Card Authentication Package Series

 

 

Enhanced Locked Print Series

 

 

Printer Driver Packager NX

 

 

Ricoh Smart Integration (RSI) Platform and its applications

 

 

RICOH Print Management Cloud

 

 

@Remote Connector NX

 

 

Device Manager NX Accounting

 

 

Device Manager NX Lite

 

 

RICOH Streamline NX V2

 

 

RICOH Streamline NX V3

 

 

Device Manager NX Pro

 

 

Device Manager NX Enterprise

 

 

Common Access Card (CAC) 3.1x, 3.2x

 

Common Access Card (CAC) 4.1x

 

Streamline NX CAC embedded 3.3.2.200s11

 

Commercial & Industrial Printing

 

Garment Printers

 

 

 

 
 

Update: Notice on Microsoft's Print Spooler Vulnerability - July 7, 2021

Ricoh is https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527aware of the security vulnerability, commonly called "Print Nightmare," registered as CVE-2021-34527 and published by Microsoft on July 1, 2021.
 
The vulnerability allows remote code execution by a standard Microsoft Active Domain user by exploiting vulnerabilities in the print spooler process used by all Microsoft operating systems. Ricoh print drivers are not directly affected by this vulnerability, however, because print drivers for Microsoft Windows operating systems make use of the printer spooler process, any potential mitigation might affect the ability to print or otherwise properly use print drivers.
 
The security and integrity of our customer's data and devices is of the utmost importance to Ricoh. In the light of Microsoft releasing security updates as of July 6, we advise our customers to refer to the Microsoft advisory page.
 
Please note that a closely related vulnerability (registered under CVE-2021-1675) has been patched by Microsoft recently.
 
Updates will be provided as more information becomes available.
 
 

Update: Printer Security Program issued to address potential vulnerabilities in some of Ricoh’s printer/PC fax drivers

Ricoh released an updated security program to address additional vulnerabilities which may affect some versions of the printer/PC fax drivers used by certain Ricoh MFPs, printers and digital duplicators.

A complete listing of the affected models and how to securely set up your printer/MFP is now available.
 
 

Important product safety information (MPC series)

The multifunction color printer models in the MPC series have identified a rare potential safety concern.
 
 

Notice on CPU Vulnerabilities - Meltdown and Spectre

 

Ricoh is aware of the news regarding two security vulnerabilities called "Spectre" and "Meltdown" which were publicly disclosed on January 3, 2018. Both highlight the potential to extract information from a CPU cache by exploiting certain CPU hardware implementation mechanisms.


The security and integrity of our customers' data and devices remains of utmost importance to Ricoh. We are currently investigating to confirm whether any of our devices include and/or are affected by these vulnerabilities.

  • With this vulnerability there is the potential to extract information from a CPU cache by exploiting certain CPU implementation mechanisms. For this to occur, malicious code would need to be executed on the device.
  • Our Ricoh MFP/LPs only allow installation of programs which have been digitally signed by Ricoh. This means it is not possible for a malicious program exploiting this vulnerability to be installed on the device.
  • We are not aware of any data or security breaches to any of our customers at this time.

Our technology and security experts continue to work closely with other hardware and operating system vendors to develop an industry-wide approach to resolve this issue promptly and constructively.


As more information becomes available we will provide updates to this web page.