Vulnerabilities Mitigation / Remediation for Office / Small Office Multifunction Printers, Laser Printers and Inkjet Printers - Canon Taiwan

06 Sep 2023 (Updated)

    Vulnerabilities Mitigation / Remediation for Office / Small Office Multifunction Printers, Laser Printers and Inkjet Printers

    Thank you for using Canon Products.

    Multiple vulnerabilities were found for certain Office / Small Office Multifunction Printers, Laser Printers and Inkjet Printers.

    These vulnerabilities indicate the possibility that if a product is connected directly to the Internet without using a router (wired or Wi-Fi), an unauthenticated remote attacker via the Internet may be able to execute arbitrary code and/or may be able to target the product in a Denial-of Service (DoS) attack. An attacker may also be able to install arbitrary files due to improper authentication of RemoteUI.

    Buffer Overflow
    CVE-2023-0851
    CVE-2023-0852
    CVE-2023-0853
    CVE-2023-0854
    CVE-2023-0855
    CVE-2023-0856
    CVE-2022-43974
    CVE-2022-43608

    Problems During Initial Registration of System Administrators in Control Protocols
    CVE-2023-0857

    Improper authentication of RemoteUI
    CVE-2023-0858

    Installation of arbitrary files
    CVE-2023-0859

    There have been no reports of damage relating to this vulnerability. However, to enhance the security of the product, we advise customers to install the latest firmware available for the Affected Models provided below.

    We also recommend customers to set a private IP address for the products and create a network environment with a firewall or Wired/Wi-Fi router that can restrict network access.

    For more details on securing products when connected to a network, please visit here.

    We continue to review and strengthen security measures for our products to ensure that customers can continue using Canon products with peace of mind.

    Affected Products:
    Small Office MFP/LBP, please click here.
    Inkjet Printer, please click here.
    Business Multifunction Devices, please click here.

    We will continue to update customers on any vulnerability detected in other products.

    Contact Information for Inquiries:
    Please contact your nearest service centre if you have any queries.

     

    First Posted on 17 Apr 2023

    Affected Products

    imageCLASS LBP

    Please click here for latest firmware available for the Affected Models.

    Product Model CVE-2022-43608 CVE-2022-43974 CVE-2023-0851 CVE-2023-0852 CVE-2023-0853 CVE-2023-0854 CVE-2023-0855 CVE-2023-0856 CVE-2023-0857 CVE-2023-0858 CVE-2023-0859
    LBP121dn - Yes Yes - Yes Yes Yes Yes Yes Yes -
    LBP122dw - Yes Yes - Yes Yes Yes Yes Yes Yes -
    LBP214dw Yes - Yes - Yes Yes - Yes Yes - Yes
    LBP215x Yes - Yes - Yes Yes - Yes Yes - Yes
    LBP223dw Yes - Yes Yes Yes Yes Yes Yes Yes Yes Yes
    LBP226dw Yes - Yes Yes Yes Yes Yes Yes Yes Yes Yes
    LBP228x Yes - Yes Yes Yes Yes Yes Yes Yes Yes Yes
    LBP611Cn Yes - Yes - Yes Yes - Yes Yes - -
    LBP613Cdw Yes - Yes - Yes Yes - Yes Yes - -
    LBP621Cw Yes* - Yes Yes Yes Yes Yes Yes Yes Yes Yes
    LBP623Cdw Yes* - Yes Yes Yes Yes Yes Yes Yes Yes Yes
    LBP654Cx Yes - Yes - Yes Yes - Yes Yes - -
    LBP664Cx Yes* - Yes Yes Yes Yes Yes Yes Yes Yes Yes
    LBP673Cdw - Yes Yes - Yes Yes Yes Yes Yes Yes Yes
    LBP674Cx - Yes Yes - Yes Yes Yes Yes Yes Yes Yes

    *This has been addressed on 12 December 2022

    imageCLASS MF

    Please click here for latest firmware available for the Affected Models.

    Product Model CVE-2022-43608 CVE-2022-43974 CVE-2023-0851 CVE-2023-0852 CVE-2023-0853 CVE-2023-0854 CVE-2023-0855 CVE-2023-0856 CVE-2023-0857 CVE-2023-0858 CVE-2023-0859
    MF264dw II Yes Yes Yes - Yes Yes Yes Yes Yes Yes -
    MF266dn II Yes Yes Yes - Yes Yes Yes Yes Yes Yes -
    MF269dw II Yes Yes Yes - Yes Yes Yes Yes Yes Yes -
    MF271dn - Yes Yes - Yes Yes Yes Yes Yes Yes -
    MF272dw - Yes Yes - Yes Yes Yes Yes Yes Yes -
    MF274dn - Yes Yes - Yes Yes Yes Yes Yes Yes -
    MF275dw - Yes Yes - Yes Yes Yes Yes Yes Yes -
    MF426dw Yes - Yes - Yes Yes - Yes Yes - Yes
    MF429x Yes - Yes - Yes Yes - Yes Yes - Yes
    MF441dw Yes - Yes Yes Yes Yes Yes Yes Yes Yes Yes
    MF445dw Yes - Yes Yes Yes Yes Yes Yes Yes Yes Yes
    MF449x Yes - Yes Yes Yes Yes Yes Yes Yes Yes Yes
    MF525x Yes - Yes   Yes Yes - Yes Yes - Yes
    MF543x Yes - Yes Yes Yes Yes Yes Yes Yes Yes Yes
    MF631Cn Yes - Yes - Yes Yes - Yes Yes - -
    MF632Cdw Yes - Yes - Yes Yes - Yes Yes - -
    MF633Cdw Yes - Yes - Yes Yes - Yes Yes - -
    MF635Cx Yes - Yes - Yes Yes - Yes Yes - -
    MF641Cw Yes* - Yes Yes Yes Yes Yes Yes Yes Yes Yes
    MF642Cdw Yes* - Yes Yes Yes Yes Yes Yes Yes Yes Yes
    MF643Cdw Yes* - Yes Yes Yes Yes Yes Yes Yes Yes Yes
    MF644Cdw Yes* - Yes Yes Yes Yes Yes Yes Yes Yes Yes
    MF645Cx Yes* - Yes Yes Yes Yes Yes Yes Yes Yes Yes
    MF735Cx Yes - Yes - Yes Yes - Yes Yes - -
    MF746Cx Yes* - Yes Yes Yes Yes Yes Yes Yes Yes Yes
    MF752Cdw Yes Yes Yes - Yes Yes Yes Yes Yes Yes Yes
    MF756Cx Yes Yes Yes - Yes Yes Yes Yes Yes Yes Yes

    *This has been addressed on 12 December 2022

    imageRUNNER

    Please click here for latest firmware available for the Affected Models.

    Product Model CVE-2022-43608 CVE-2022-43974 CVE-2023-0851 CVE-2023-0852 CVE-2023-0853 CVE-2023-0854 CVE-2023-0855 CVE-2023-0856 CVE-2023-0857 CVE-2023-0858 CVE-2023-0859
    imageRUNNER 1643i/ 1643iF Yes - Yes Yes Yes Yes Yes Yes Yes Yes Yes
    imageRUNNER 1643i II/ 1643iF II Yes Yes Yes - Yes Yes Yes Yes Yes Yes Yes

     

    PIXMA

    Please click here for latest firmware available for the Affected Models.

    Product Model CVE-2022-43974
    G3730 Yes
    G3770 Yes
    G4770 Yes
    MAXIFY

    Please click here for latest firmware available for the Affected Models.

    Product Model CVE-2022-43974
    GX3070 Yes
    GX4070 Yes
    imagePROGRAF

    Please click here for latest firmware available for the Affected Models.

    Product Model CVE-2022-43974
    TC-20 Yes
    TC-20M Yes
    imageCLASS LBP/MF

    Please contact your nearest service centre for update/enquiry.

    Product Model CVE-2022-43608 CVE-2022-43974 CVE-2023-0851 CVE-2023-0852 CVE-2023-0853 CVE-2023-0854 CVE-2023-0855 CVE-2023-0856 CVE-2023-0857 CVE-2023-0858 CVE-2023-0859
    LBP361dw - Yes - - Yes - Yes Yes - - -
    LBP456dw / LBP458x - Yes - - Yes - Yes Yes - - -
    LBP722Cx - Yes - - Yes - Yes Yes - - -
    imagePRESS

    Please contact your nearest service centre for update/enquiry.

    Product Model CVE-2022-43608 CVE-2022-43974 CVE-2023-0851 CVE-2023-0852 CVE-2023-0853 CVE-2023-0854 CVE-2023-0855 CVE-2023-0856 CVE-2023-0857 CVE-2023-0858 CVE-2023-0859
    imagePRESS C165 / C170 - Yes - - Yes Yes Yes Yes - - -
    imagesPRESS C270 / C265  - Yes - - Yes Yes Yes Yes - - -
    imagePRESS V900 / V800 / V700 - Yes - - Yes Yes Yes Yes - - -
    imagePRESS V1000 - Yes - - Yes Yes Yes Yes - - -
    imagePRESS V1350 - Yes - - Yes Yes Yes Yes - - -
    imageRUNNER / imageRUNNER ADVANCE

    Please contact your nearest service centre for update/enquiry.

    Product Model CVE-2022-43608 CVE-2022-43974 CVE-2023-0851 CVE-2023-0852 CVE-2023-0853 CVE-2023-0854 CVE-2023-0855 CVE-2023-0856 CVE-2023-0857 CVE-2023-0858 CVE-2023-0859
    iR 2425 Series - Yes - - Yes Yes Yes Yes - - -
    iR 2600 Series - Yes - - Yes Yes Yes Yes - - -
    iR 2700 Series - Yes - - Yes Yes Yes Yes - - -
    iR C3222 Series - Yes - - Yes Yes Yes Yes - - -
    iR C3226 Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV 715 / 615 / 525 3rd Edition Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV 4500 Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV 4500 3rd Edition Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV 6500 Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV 6500 3rd Edition Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV 8500 Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV 8500 3rd Edition Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV C355 / C255 Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV C356 / C256 Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV C356 / C256 3rd Edition Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV C3500 Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV C3500 3rd Edition Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV C5500 Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV C5500 3rd Edition Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV C7500 Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV C7500 3rd Edition Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV DX 717 / 617 / 527 Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV DX 719 / 619 / 529 Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV DX 4700 Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV DX 4800 Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV DX 4900 Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV DX 6700 Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV DX 6800 Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV DX 8700 Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV DX 8900 Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV DX C357 / C257 Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV DX C359 / C259 Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV DX C3700 Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV DX C3800 Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV DX C3900 Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV DX C5700 Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV DX C5800 Series - Yes - - Yes Yes Yes Yes - - -
    iR-ADV DX C7700 Series - Yes - - Yes Yes Yes Yes - - -