Notice of security investigation: Vulnerability (CVE-2022-43969)
28.12.2022

Notice of security investigation: Vulnerability (CVE-2022-43969) in Ricoh products with scanner or fax functions that may cause a folder user password breach

  • Vulnerability Information ID: ricoh-2022-000002

  • Version: 1.00E

  • CVE ID (CWE ID): CVE-2022-43969 (CWE-255)

  • CVSSv3 score: 9.1 (CRITICAL)

Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.

Ricoh is aware of the reported "Threat of folder user password breach" (CVE-2022-43969) that affects certain products and services that Ricoh develops, manufactures, and offers.

The folder user password saved on a device with data transmission functionality may be breached via a malicious FTP server if the data transmission setting is changed.

List 1 below shows the affected products and services. Ricoh offers measures detailed in the hyperlinked pages in the list.

Products and services not mentioned in List 1 are currently under security investigation. Please note that this page will be updated if there is a change in status.

List 1: Ricoh products and services affected by this vulnerability

| Product/service | Link to details |
|---|---|
| Pro C5300S/C5310S | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000019-2022-000002 |
| M C2001 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000018-2022-000002 |
| IM C530F/IM C530FB | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000017-2022-000002 |
| IM 350F/350/430F/430Fb | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000016-2022-000002 |
| MP 305+ | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000015-2022-000002 |
| IM 350/430Fb | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000014-2022-000002 |
| IM 550F/600F/600SRF | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000013-2022-000002 |
| IM 7000/8000/9000 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000012-2022-000002 |
| MP 2555/3055/3555/4055/5055/6055 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000011-2022-000002 |
| IM 2500/3000/3500/4000/5000/6000 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000010-2022-000002 |
| M 2700/2701/2702 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000009-2022-000002 |
| IM C400F/IM C300F/IM C300/IM C400SRF | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000008-2022-000002 |
| IM C2000/C2500 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000007-2022-000002 |
| IM C5500/C6000 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000006-2022-000002 |
| IM C3000/C3500/C4500 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000005-2022-000002 |
| RICOH MP C2004/MP C2504 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000004-2022-000002 |
| RICOH MP C5504/C6004 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000003-2022-000002 |
| RICOH MP C3004/C3504/C4504 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000002-2022-000002 |
| IM C6500/C8000 | Affected. For details, please refer to the following URL: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000001-2022-000002 |

Contact

Please contact your local Ricoh representative or dealer if you have any queries.

Acknowledgement

Ricoh would like to thank Wouter Arts and Geert Braakhekke of WTH Security for reporting this vulnerability.

About Ricoh

Ricoh is empowering digital workplaces using innovative technologies and services that enable individuals to work smarter from anywhere.

With cultivated knowledge and organizational capabilities nurtured over its 85-year history, Ricoh is a leading provider of digital services, information management, and print and imaging solutions designed to support digital transformation and optimize business performance.

Headquartered in Tokyo, Ricoh Group has major operations throughout the world and its products and services now reach customers in approximately 200 countries and regions. In the financial year ended March 2022, Ricoh Group had worldwide sales of 1,758 billion yen (approx. 14.5 billion USD).

For further information, please visit www.ricoh-europe.com

© 2023 RICOH COMPANY, LTD. All rights reserved. All referenced product names are the trademarks of their respective companies.

For further information, please contact: 
Ricoh Europe PLC
Charlotte Fernandez
E-mail: media@ricoh-europe.com
Homepage: www.ricoh-europe.com