A Server-Side Request Forgery vulnerability
24.04.2023

Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.

Ricoh has identified a Server-Side Request Forgery (SSRF) vulnerability (CVE-2023-23560) in some of our devices listed below.

SSRF can occur because of a lack of input validation. Successful exploitation of this vulnerability can lead to an attacker being able to remotely execute arbitrary code on a device. Please refer to the following URL for further details: https://nvd.nist.gov/vuln/detail/CVE-2023-23560

Update: eight additional vulnerabilities have been identified:

  • CVE-2023-26063: Type confusion may occur in the PostScript interpreter.
  • CVE-2023-26064: An out-of-bounds write may occur in the PostScript interpreter.
  • CVE-2023-26065: An integer overflow may occur in the PostScript interpreter.
  • CVE-2023-26066: The stack may be improperly validated in the PostScript interpreter.
  • CVE-2023-26067: Lack of input validation may be leveraged by an attacker who has already compromised the device to escalate privileges.
  • CVE-2023-26068: The Embedded Web Server may not properly sanitize input data.
  • CVE-2023-26069: Arbitrary code may be executed due to lack of input validation in the Web API.
  • CVE-2023-26070: Arbitrary code may be executed due to lack of input validation in the SNMP feature.


Successful exploitation of these vulnerabilities can lead to an attacker being able to remotely execute arbitrary code on a device.

Ricoh products affected by this vulnerability

| Product | Link to further details including firmware update and recommended action for resolution |
| --- | --- |
| M C240FW | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000067-2023-000002 |
| P C200W | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000065-2023-000002 |

Contact

Please contact your local Ricoh representative or dealer if you have any queries.

About Ricoh

Ricoh is empowering digital workplaces using innovative technologies and services that enable individuals to work smarter from anywhere.

With cultivated knowledge and organizational capabilities nurtured over its 85-year history, Ricoh is a leading provider of digital services, information management, and print and imaging solutions designed to support digital transformation and optimize business performance.

Headquartered in Tokyo, Ricoh Group has major operations throughout the world and its products and services now reach customers in approximately 200 countries and regions. In the financial year ended March 2022, Ricoh Group had worldwide sales of 1,758 billion yen (approx. 14.5 billion USD).

For further information, please visit www.ricoh-europe.com

© 2023 RICOH COMPANY, LTD. All rights reserved. All referenced product names are the trademarks of their respective companies.

For further information, please contact: 
Ricoh Europe PLC
Charlotte Fernandez
E-mail: media@ricoh-europe.com
Homepage: www.ricoh-europe.com