Alerts & Security Vulnerability Announcements
Notice of security vulnerabilities affecting RICOH M C240FW, RICOH P C200W, and RICOH M C550SRF
Several CVEs listed below have been issued affecting the identified devices.
April 4, 2023
Ricoh is aware of the following vulnerabilities affecting the RICOH M C240FW, RICOH P C200W, and RICOH M C550SRF that could potentially be leveraged by an attacker to remotely execute arbitrary code or escalate privileges on a device already compromised by an attacker.
Ricoh has already taken steps to address the vulnerabilities for the affected devices listed here.
Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for customers around the world.
CVE-2023-23560 – Server-Side Request Forgery: Vulnerability that can be leveraged to remotely execute arbitrary code.
CVE-2023-26063 – Postscript Buffer Overflow: A type confusion vulnerability that can be leveraged to remotely execute arbitrary code.
CVE-2023-26064 – Postscript Buffer Overflow: An out of bounds write vulnerability that can be leveraged to remotely execute arbitrary code.
CVE-2023-26065 – Postscript Buffer Overflow: An integer overflow vulnerability that can be leveraged to remotely execute arbitrary code.
CVE-2023-26066 – Postscript Buffer Overflow: An improper stack validation vulnerability that can be leveraged to remotely execute arbitrary code.
CVE-2023-26067 – Input Validation: An input validation vulnerability that can be leveraged on an already compromised device to escalate privileges. Can only be exploited on a device that has already been compromised by other means.
CVE-2023-26068 – Embedded Web Server: An embedded web server input sanitization vulnerability that can be leveraged to remotely execute arbitrary code.
CVE-2023-26069 – Web API: A web API input validation vulnerability that can be leveraged to remotely execute arbitrary code.
Resolution: Ricoh has issued updated firmware for the affected models to ensure security. The updated firmware supersedes any previously recommended workarounds and addresses all vulnerabilities.
For the RICOH M C240FW and RICOH P C200W, please visit the following links to download the latest firmware and follow the steps to install.
RICOH M C240FW: http://support.ricoh.com/bb/html/dr_ut_e/rc3/model/mc240fw/mc240fw.htm
RICOH P C200W: http://support.ricoh.com/bb/html/dr_ut_e/rc3/model/pc200w/pc200w.htm
For the RICOH M C550SRF, please contact Ricoh at 1-800-637-4264, option 3 or 4, to schedule a service appointment to install the latest firmware to your device.
Notice of security investigation: vulnerability CVE-2023-23560
A Server-Side Request Forgery (SSRF) vulnerability exists in some Ricoh devices.
February 21, 2023
Ricoh is aware of CVE-2023-23560, a Server-Side Request Forgery (SSRF) vulnerability that could potentially be leveraged by an attacker to remotely execute arbitrary code on an affected device.
Ricoh has already taken steps to address the vulnerability of impacted devices, listed here.
Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for customers around the world.
Ricoh encourages all customers who use the RICOH M C240FW and RICOH P C200W to visit this webpage and follow the workaround steps outlined for each model to ensure security.
For customers who use the RICOH M C550SRF, please disable the Web-Services service on the printer (TCP port 65002), which blocks the ability to exploit this vulnerability, by performing the following steps: Go to “Settings” > ”Network/Ports” > “TCP/IP” > “TCP/IP Port Access” and uncheck "TCP 65002 (WSD Print Service)” and save.
Ricoh is quickly working on updated firmware for each model, and more information will be provided as soon as it is made available.
Notice on potential impact of vulnerability CVE-2022-43969
First published: December 28, 2022
Ricoh is aware of CVE-2022-43969, which is in the process of being published. This vulnerability could potentially allow certain usernames and passwords to be leaked via Web Image Monitor and could impact devices using a Ricoh controller.
Ricoh has already developed patches for many impacted devices, listed here. Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for customers around the world.
We encourage all Ricoh customers who use models listed on this webpage to reset your administrative password to reduce potential risk. We are working rapidly to develop all required patches and as they become available, more information will be provided on that webpage
Rogers outage/BCP enactment
First published: July 8, 2022
On Friday, July 8, 2022, telecommunications giant Rogers experienced a nationwide outage that continues to impact wireless, cable, internet and data centre customers. At Ricoh Canada, this is impacting network access for some of our teammates as well as our RCloud customers. While we continue to monitor the situation closely, we’ve enacted our BCP and are available to support our customers. For service calls, please email us at servicecall@ricoh.ca. For general enquiries we can be reached via our website at ricoh.ca, or by email at ricohcanada@ricoh.ca
Notice of the potential impact of CVE-2022-22963 and Spring4Shell vulnerability CVE-2022-22965 on Ricoh products and services
First published: April 6, 2022
Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for customers around the world.
Ricoh is aware of these vulnerabilities disclosed by VMware:
CVE-2022-22963, a remote code execution in Spring Cloud Function by malicious Spring Expression
Spring4Shell (CVE-2022-22965), a remote code execution in Spring Framework via Data Binding on Java Development Kit (JDK) version 9 or later
We are working with our security experts to address this as a high-priority issue and are now investigating which products or services may be affected. We will publish an advisory for the affected models. As of April 6, 2022, we have confirmed that these vulnerabilities do not affect the following main Ricoh products and services:
Ricoh Smart Integration (RSI) Platform and its applications
RICOH Streamline NX V2, V3
Multifunction Printers
As more information becomes available, we will update this web page.
Notice on potential impact of vulnerability CVE-2021-33945 towards Ricoh products and services
Ricoh is aware of the registration of CVE-2021-33945, a vulnerability that could potentially allow denial-of-service (DoS) attacks by causing certain MFPs/printers to consume large amounts of memory. This vulnerability is due to module behavior, and Ricoh products that use this module are listed here as affected products.
Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for customers around the world.
Ricoh will release firmware updates here as they become available.
WORKAROUND FOR CUSTOMERS USING IMPACTED PRODUCTS
When using products impacted by this security issue, Ricoh strongly advises that customers use SSID (Service Set Identifier) and a password, and avoid using a WPS (Wi-Fi® Protected Setup) connection when establishing a wireless connection. Please refer to the following steps:
| Models with touch panel | Models with 4-line LCD panel | Models with 2-line LCD panel | Models without LCD panel | |
|---|---|---|---|---|
| Network connection by selecting an access point from the network list |
|
|
|
- |
| Network connection by direct input of SSID |
|
|
|
|
Notice: Potential impact of Apache Log4j vulnerability towards Ricoh products and services
Last updated: January 5, 2022
First published: December 15, 2021
Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.
Ricoh is aware of the reported Apache Log4j 2 remote code execution vulnerabilities Apache Log4j is an open-source logging JAVA-based library offered by Apache Software Foundation. Ricoh is currently investigating if any Ricoh products and services may be potentially impacted by these vulnerabilities, including:
Servers operating with Apache Log4j are potentially threatened, allowing a third party to remotely access the server and execute remote code by sending modified data to exploit this vulnerability.
Ricoh confirmed the following products and services that it develops, manufactures, and offers are not impacted by the CVE-2021-44228 vulnerability. Ricoh products and services not listed are under ongoing investigation.
Production Printers were listed as not being impacted as of December 16, however, investigation is ongoing. Updates will be provided as they are available.
For products and solutions from vendors other than Ricoh, we recommend customers to confirm latest information directly with relevant vendors.
Ricoh is committed to supporting customers across the globe, enabling them to operate Ricoh products equipped with the latest security settings. Additional updates on impacted Ricoh products and services and related countermeasures will be provided promptly on this page as they become available.
List 1: Ricoh products, software services not affected by this vulnerability
| Office Products | Multifunction Printers/Copiers | Black & White MFP | |
| Color MFP | |||
| Wide Format MFP | |||
| Printers | Black & White Laser Printers | ||
| Color Laser Printers | |||
| GelJet Printers | |||
| Handy Printers | |||
| Printer based MFP | |||
| FAX | |||
| Digital Duplicators | |||
| Projectors | |||
| Video Conferencing | |||
| Interactive Whiteboards | |||
| Remote Communication Gates | Remote Communication Gate A2 | ||
| Remote Communication Gate A | |||
| Remote Communication Gate Type N/L/BN1/BM1 | |||
| Software & Solutions | Card Authentication Package Series | ||
| Device Manager NX Accounting | |||
| Device Manager NX Enterprise | |||
| Device Manager NX Lite | |||
| Device Manager NX Pro | |||
| Docuware | |||
| GlobalScan NX/td> | |||
| Enhanced Locked Print Series | |||
| Printer Driver Packager NX | |||
| @Remote Connector NX | |||
| Ricoh Smart Integration (RSI) Platform and its applications | |||
| RICOH Print Management Cloud | |||
| RICOH Streamline NX V2 | |||
| RICOH Streamline NX V3 | |||
| Common Access Card Authentication v3 | |||
| Common Access Card Authentication v4 | |||
| Commercial & Industrial Printing | Cutsheet Printers | ||
| Wide Format Printers | |||
| Garment Printers | |||
| Software & Apps | RICOH InfoPrint® Font Collection | ||
| RICOH InfoPrint® PPFA | |||
| RICOH InfoPrint® WorkFlow | |||
| RICOH Web Enablement Solutions Suite | |||
Notice on Microsoft Windows Print Spooler Vulnerability – July 7, 2021
Ricoh is aware of the security vulnerability, commonly called "Print Nightmare," registered as CVE-2021-34527 and published by Microsoft on July 1, 2021.
The vulnerability allows remote code execution by a standard Microsoft Active Domain user by exploiting vulnerabilities in the print spooler process used by all Microsoft operating systems. Ricoh print drivers are not directly affected by this vulnerability, however, because print drivers for Microsoft Windows operating systems make use of the printer spooler process, any potential mitigation might affect the ability to print or otherwise properly use print drivers.
The security and integrity of our customer's data and devices is of the utmost importance to Ricoh. In the light of Microsoft releasing security updates as of July 6, we advise our customers to refer to the Microsoft advisory page.
Please note that a closely related vulnerability (registered under CVE-2021-1675) has been patched by Microsoft recently.
Updates will be provided as more information becomes available.
Update: Notice on Ripple20 Treck TCP/IP Stack Potential Vulnerabilities
First published July 8, 2020
Date of current status July 31, 2020
Ricoh is aware of the security vulnerabilities known as the “Ripple20” disclosed by the JSOF on June 16, 2020. These vulnerabilities could potentially allow a remote hacker to trigger an information leak if a specific TCP/IP stack version is used.
https://www.jsof-tech.com/ripple20/
https://www.us-cert.gov/ics/advisories/icsa-20-168-01
We have confirmed that Ricoh A3-sized multi-function printers, production printers, digital duplicators, Interactive White Boards, projectors, and Unified Communication Systems do not use IP stack modules from Treck Inc. and Kasago of Zuken Elmic, Inc.
We also have confirmed that no current A4-sized device sold by Ricoh USA, Inc. is impacted with these potential vulnerabilities. Within the US, four devices were previously sold that could have been impacted:
RICOH SP 1210N (discontinued 1/1/2014)
RICOH GX e3300N (discontinued 4/4/2012)
RICOH GX e7700N (discontinued 10/1/2014)
RICOH 4410 SF (discontinued 8/1/2013)
Visit here for information regarding products in other regions.
The Potential Vulnerability Summary
The affected printer has potential vulnerabilities which may cause a device stall, memory destruction, and network failure, but won't be exploited by a springboard attack or cause confidential information leakage. Please visit here.
This vulnerability will not affect devices connected to the customer’s network if the network is properly configured against external attacks. Ricoh recommends always using best practices for network protection, including:
1. When the device is connected to a network, ensure that the network is protected, for example, by a firewall.
2. Install the device in a secure network where users restrictions are in place.
Resolution
Please download the updated firmware as below. Ricoh will release further updated firmware on the driver site as it is available.
| Model Name | New Firmware Version | Solved CVEs |
|---|---|---|
| Aficio GX e3300N |
Ver.1.19 http://support.ricoh.com/bb/html/dr_ut_e/re2/model/gxe330/gxe330.htm |
CVE-2020-11907 |
| Aficio GX e7700N |
Ver.1.05 http://support.ricoh.com/bb/html/dr_ut_e/rc2/model/gxe770/gxe770.htm |
CVE-2020-11907 |
The security and integrity of our customers' data and devices remain of utmost importance to Ricoh and will publish additional advisories for any other affected models, when applicable.
For further details on best practices for securely setting up your printer or MFP, please visit here.
Email Phishing Alert
Business E-mail Compromise (BEC) / phishing scams continue to be a serious issue for companies including Ricoh. It has recently come to our attention that a Phishing email was sent via a Ricoh-usa.com email address. This is not a legitimate email from Ricoh and should immediately be deleted.
We recommend our customers always be vigilant. If you are uncertain of an email’s legitimacy, reach out to your account team for verification and if necessary, block any fraudulent or suspect domains.
We take these matters seriously, and you should, too. We urge you to be cautious with unexpected email requests for personal or financial information, such as banking or other confidential details. Do not respond to these emails.
Learn additional tips for identifying and handling BEC/phishing scams.
Ransomware
Ransomware continues to be a serious issue for businesses. It has recently come to our attention that a small number of Ricoh devices on a restricted testing network have been impacted. These devices contain no customer or confidential information, and are not on the main Ricoh network. We are working with law enforcement and other appropriate third-parties to conduct a forensic investigation.
We take these matters seriously and are committed to completing a full investigation. Should there be more information uncovered, we will update this page accordingly.
Learn additional tips for identifying and handling ransomware.
Update: Printer Security Program issued to address potential vulnerabilities in some of Ricoh’s printer/PC fax drivers
Ricoh released an updated security program to address additional vulnerabilities which may affect some versions of the printer/PC fax drivers used by certain Ricoh MFPs, printers and digital duplicators.
A complete listing of the affected models and how to securely set up your printer/MFP is now available.
Important product safety information (MPC series)
The multifunction color printer models in the MPC series have identified a rare potential safety concern.
Safety concern on select black and white products
A limited number of production runs of some black and white multifunction printers and standalone printers have been identified with a potential safety concern.
LAN-Fax Generic Driver Upgrade Advisory
Ricoh has identified an irregularity in LAN-Fax Generic Driver, Ver.10.0.0.0 and Ver.10.1.0.0, software used to send faxes from a PC. By obtaining a free download of the latest version of the software, this can be avoided.
Notice on CPU Vulnerabilities - Meltdown and Spectre
Ricoh is aware of the news regarding two security vulnerabilities called "Spectre" and "Meltdown" which were publicly disclosed on January 3, 2018. Both highlight the potential to extract information from a CPU cache by exploiting certain CPU hardware implementation mechanisms.
The security and integrity of our customers' data and devices remains of utmost importance to Ricoh. We are currently investigating to confirm whether any of our devices include and/or are affected by these vulnerabilities.
With this vulnerability there is the potential to extract information from a CPU cache by exploiting certain CPU implementation mechanisms. For this to occur, malicious code would need to be executed on the device.
Our Ricoh MFP/LPs only allow installation of programs which have been digitally signed by Ricoh. This means it is not possible for a malicious program exploiting this vulnerability to be installed on the device.
We are not aware of any data or security breaches to any of our customers at this time.
Our technology and security experts continue to work closely with other hardware and operating system vendors to develop an industry-wide approach to resolve this issue promptly and constructively.
As more information becomes available we will provide updates to this web page.
WannaCry statement
WannaCry is ransomware that targets computers running Windows. After encrypting data on an infected system, it demands payment before you can regain access to your data. WannaCry has infected many computers around the world, and many organizations have started implementing countermeasures.
We are committed to keeping our products and services as secure as possible for our clients around the world. At this time, we are actively monitoring the situation and working to take appropriate measures.
Learn more about how we're addressing the WannaCry vulnerability