Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for customers around the world.

Ricoh is aware of these vulnerabilities disclosed by VMware:

CVE-2022-22963, a remote code execution in Spring Cloud Function by malicious Spring Expression
Spring4Shell (CVE-2022-22965), a remote code execution in Spring Framework via Data Binding on Java Development Kit (JDK) version 9 or later

We are working with our security experts to address this as a high-priority issue and are now investigating which products or services may be affected. We will publish an advisory for the affected models. As of April 6, 2022, we have confirmed that these vulnerabilities do not affect the following main Ricoh products and services:

Ricoh Smart Integration (RSI) Platform and its applications
RICOH Streamline NX V2, V3
Multifunction Printers

As more information becomes available, we will update this web page.

Notice on potential impact of vulnerability towards Ricoh products and services

First published: March 8, 2022

Ricoh is aware of the registration of CVE-2021-33945, a vulnerability that could potentially allow denial-of-service (DoS) attacks by causing certain MFPs/printers to consume large amounts of memory. This vulnerability is due to module behavior, and Ricoh products that use this module are listed here as affected products.

Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for customers around the world.

Ricoh will release firmware updates here as they become available.

WORKAROUND FOR CUSTOMERS USING IMPACTED PRODUCTS

When using products impacted by this security issue, Ricoh strongly advises that customers use SSID (Service Set Identifier) and a password and avoid using a WPS (Wi-Fi® Protected Setup) connection when establishing a wireless connection. Please refer to the following steps:

Models with touch panel

Models with 4-line LCD panel

Models with 2-line LCD panel

Models without LCD panel

Network connection by selecting an access point from the network list

1. At the home screen, select “Setting” and “Network Settings.” If there is a password set up, please enter the administrator password.

Select “Wi-fi Configuration” and then “Setup Wizard”
Select an access point from the list of SSID/access points
Enter password to connect

1. Press Menu key to transition to Settings and select “Wi-Fi Setup Wizard” If there is a password set up, please enter the administrator password.

Select an access point from the list of SSID/access points
Enter password to connect

1. Press Menu key to transition to Menu and select “Host Interface”, “Network Setup”, “Wi-fi Config”, and “Setup Wizard”.

Select an access point from the list of SSID/access points
Enter password to connect

Network connection by direct input of SSID

At the home screen, select “Setting” and “Network Settings.” If there is a password set up, please enter the administrator password.
Select “enter SSID”
Enter SSID and password to connect to network

Press Menu key to transition to Settings and select “Wi-Fi Setup Wizard”. If there is a password set up, please enter the administrator password.
Select “Input SSID” and enter SSID and password to connect to network

Press Menu key to transition to Menu and select “Host Interface”, “Network Setup”, “Wi-fi Config”, and “Setup Wizard”.
Select “Input SSID” and enter SSID and password to connect to network

Connect your PC with device via USB
Launch Smart Organizing Monitor
Click [User Tool] tab
Click [Printer Configuration] button and input Access Code if necessary.
Click [Wireless] tab
Check “Manual Setup” at “Configuration Method” menu.
Enter SSID and Password to connect to network

Update: Notice on potential impact of Apache Log4j vulnerability towards Ricoh products and services

Last updated: January 5, 2022

First published: December 15, 2021

Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.

Ricoh is aware of the reported Apache Log4j 2 remote code execution vulnerabilities Apache Log4j is an open-source logging JAVA-based library offered by Apache Software Foundation. Ricoh is currently investigating if any Ricoh products and services may be potentially impacted by these vulnerabilities, including:

Servers operating with Apache Log4j are potentially threatened, allowing a third party to remotely access the server and execute remote code by sending modified data to exploit this vulnerability.

Ricoh confirmed the following products and services that it develops, manufactures, and offers are not impacted by the CVE-2021-44228 vulnerability. Ricoh products and services not listed are under ongoing investigation.

Production Printers were listed as not being impacted as of December 16, however, investigation is ongoing. Updates will be provided as they are available.

For products and solutions from vendors other than Ricoh, we recommend customers to confirm latest information directly with relevant vendors.

Ricoh is committed to supporting customers across the globe, enabling them to operate Ricoh products equipped with the latest security settings. Additional updates on impacted Ricoh products and services and related countermeasures will be provided promptly on this page as they become available.

Office Products	Multifunction Printers/Copiers	Black & White MFP
		Color MFP
		Wide Format MFP
	Printers	Color Laser Printers
		Black & White Laser Printers
		Gel Jet Printers
		Handy Printers
		Printer based MFP
	FAX
	Digital Duplicators
	Projectors
	Video Conferencing
	Interactive Whiteboards
Remote Communication Gates	Remote Communication Gate A2
	Remote Communication Gate A
	Remote Communication Gate Type N/L/BN1/BM1
Software & Solutions	GlobalScan NX
	Card Authentication Package Series
	Enhanced Locked Print Series
	Printer Driver Packager NX
	Ricoh Smart Integration (RSI) Platform and its applications
	RICOH Print Management Cloud
	@Remote Connector NX
	Device Manager NX Accounting
	Device Manager NX Lite
	RICOH Streamline NX V2
	RICOH Streamline NX V3
	Device Manager NX Pro
	Device Manager NX Enterprise
	Common Access Card (CAC) 3.1x, 3.2x
	Common Access Card (CAC) 4.1x
	Streamline NX CAC embedded 3.3.2.200s11
Commercial & Industrial Printing
Commercial & Industrial Printing	Garment Printers

Update: Notice on Microsoft's Print Spooler Vulnerability - July 7, 2021

Ricoh is https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527aware of the security vulnerability, commonly called "Print Nightmare," registered as CVE-2021-34527 and published by Microsoft on July 1, 2021.

The vulnerability allows remote code execution by a standard Microsoft Active Domain user by exploiting vulnerabilities in the print spooler process used by all Microsoft operating systems. Ricoh print drivers are not directly affected by this vulnerability, however, because print drivers for Microsoft Windows operating systems make use of the printer spooler process, any potential mitigation might affect the ability to print or otherwise properly use print drivers.

The security and integrity of our customer's data and devices is of the utmost importance to Ricoh. In the light of Microsoft releasing security updates as of July 6, we advise our customers to refer to the Microsoft advisory page.

Please note that a closely related vulnerability (registered under CVE-2021-1675) has been patched by Microsoft recently.

Updates will be provided as more information becomes available.

Update: Printer Security Program issued to address potential vulnerabilities in some of Ricoh’s printer/PC fax drivers

Ricoh released an updated security program to address additional vulnerabilities which may affect some versions of the printer/PC fax drivers used by certain Ricoh MFPs, printers and digital duplicators.

A complete listing of the affected models and how to securely set up your printer/MFP is now available.

View impacted print drivers

Important product safety information (MPC series)

The multifunction color printer models in the MPC series have identified a rare potential safety concern.

How to check an MPC model

Notice on CPU Vulnerabilities - Meltdown and Spectre

Ricoh is aware of the news regarding two security vulnerabilities called "Spectre" and "Meltdown" which were publicly disclosed on January 3, 2018. Both highlight the potential to extract information from a CPU cache by exploiting certain CPU hardware implementation mechanisms.

The security and integrity of our customers' data and devices remains of utmost importance to Ricoh. We are currently investigating to confirm whether any of our devices include and/or are affected by these vulnerabilities.

With this vulnerability there is the potential to extract information from a CPU cache by exploiting certain CPU implementation mechanisms. For this to occur, malicious code would need to be executed on the device.

Our Ricoh MFP/LPs only allow installation of programs which have been digitally signed by Ricoh. This means it is not possible for a malicious program exploiting this vulnerability to be installed on the device.
We are not aware of any data or security breaches to any of our customers at this time.

Our technology and security experts continue to work closely with other hardware and operating system vendors to develop an industry-wide approach to resolve this issue promptly and constructively.

As more information becomes available we will provide updates to this web page.

Learn more