Vulnerabilities Mitigation / Remediation for Office / Small Office Multifunction Printers, Laser Printers and Inkjet Printers - Canon Philippines

06 Sep 2023 (Updated)

Vulnerabilities Mitigation / Remediation for Office / Small Office Multifunction Printers, Laser Printers and Inkjet Printers

Thank you for using Canon Products.

Multiple vulnerabilities were found for certain Office / Small Office Multifunction Printers, Laser Printers and Inkjet Printers.

These vulnerabilities indicate the possibility that if a product is connected directly to the Internet without using a router (wired or Wi-Fi), an unauthenticated remote attacker via the Internet may be able to execute arbitrary code and/or may be able to target the product in a Denial-of Service (DoS) attack. An attacker may also be able to install arbitrary files due to improper authentication of RemoteUI.

Buffer Overflow
CVE-2023-0851
CVE-2023-0852
CVE-2023-0853
CVE-2023-0854
CVE-2023-0855
CVE-2023-0856
CVE-2022-43974
CVE-2022-43608

Problems During Initial Registration of System Administrators in Control Protocols
CVE-2023-0857

Improper authentication of RemoteUI
CVE-2023-0858

Installation of arbitrary files
CVE-2023-0859

There have been no reports of damage relating to this vulnerability. However, to enhance the security of the product, we advise customers to install the latest firmware available for the Affected Models provided below.

We also recommend customers to set a private IP address for the products and create a network environment with a firewall or Wired/Wi-Fi router that can restrict network access.

For more details on securing products when connected to a network, please visit here.

We continue to review and strengthen security measures for our products to ensure that customers can continue using Canon products with peace of mind.

Affected Products:
Small Office MFP/LBP, please click here.
Inkjet Printer, please click here.
Business Multifunction Devices, please click here.

We will continue to update customers on any vulnerability detected in other products.

Contact Information for Inquiries:
Please contact your nearest service centre if you have any queries.

 

First Posted on 17 Apr 2023

Affected Products

imageCLASS LBP

Please click here for latest firmware available for the Affected Models.

Product Model CVE-2022-43608 CVE-2022-43974 CVE-2023-0851 CVE-2023-0852 CVE-2023-0853 CVE-2023-0854 CVE-2023-0855 CVE-2023-0856 CVE-2023-0857 CVE-2023-0858 CVE-2023-0859
LBP121dn - Yes Yes - Yes Yes Yes Yes Yes Yes -
LBP122dw - Yes Yes - Yes Yes Yes Yes Yes Yes -
LBP214dw Yes - Yes - Yes Yes - Yes Yes - Yes
LBP215x Yes - Yes - Yes Yes - Yes Yes - Yes
LBP223dw Yes - Yes Yes Yes Yes Yes Yes Yes Yes Yes
LBP226dw Yes - Yes Yes Yes Yes Yes Yes Yes Yes Yes
LBP228x Yes - Yes Yes Yes Yes Yes Yes Yes Yes Yes
LBP611Cn Yes - Yes - Yes Yes - Yes Yes - -
LBP613Cdw Yes - Yes - Yes Yes - Yes Yes - -
LBP621Cw Yes* - Yes Yes Yes Yes Yes Yes Yes Yes Yes
LBP623Cdw Yes* - Yes Yes Yes Yes Yes Yes Yes Yes Yes
LBP654Cx Yes - Yes - Yes Yes - Yes Yes - -
LBP664Cx Yes* - Yes Yes Yes Yes Yes Yes Yes Yes Yes
LBP673Cdw - Yes Yes - Yes Yes Yes Yes Yes Yes Yes
LBP674Cx - Yes Yes - Yes Yes Yes Yes Yes Yes Yes

*This has been addressed on 12 December 2022

imageCLASS MF

Please click here for latest firmware available for the Affected Models.

Product Model CVE-2022-43608 CVE-2022-43974 CVE-2023-0851 CVE-2023-0852 CVE-2023-0853 CVE-2023-0854 CVE-2023-0855 CVE-2023-0856 CVE-2023-0857 CVE-2023-0858 CVE-2023-0859
MF264dw II Yes Yes Yes - Yes Yes Yes Yes Yes Yes -
MF266dn II Yes Yes Yes - Yes Yes Yes Yes Yes Yes -
MF269dw II Yes Yes Yes - Yes Yes Yes Yes Yes Yes -
MF271dn - Yes Yes - Yes Yes Yes Yes Yes Yes -
MF272dw - Yes Yes - Yes Yes Yes Yes Yes Yes -
MF274dn - Yes Yes - Yes Yes Yes Yes Yes Yes -
MF275dw - Yes Yes - Yes Yes Yes Yes Yes Yes -
MF426dw Yes - Yes - Yes Yes - Yes Yes - Yes
MF429x Yes - Yes - Yes Yes - Yes Yes - Yes
MF441dw Yes - Yes Yes Yes Yes Yes Yes Yes Yes Yes
MF445dw Yes - Yes Yes Yes Yes Yes Yes Yes Yes Yes
MF449x Yes - Yes Yes Yes Yes Yes Yes Yes Yes Yes
MF525x Yes - Yes   Yes Yes - Yes Yes - Yes
MF543x Yes - Yes Yes Yes Yes Yes Yes Yes Yes Yes
MF631Cn Yes - Yes - Yes Yes - Yes Yes - -
MF632Cdw Yes - Yes - Yes Yes - Yes Yes - -
MF633Cdw Yes - Yes - Yes Yes - Yes Yes - -
MF635Cx Yes - Yes - Yes Yes - Yes Yes - -
MF641Cw Yes* - Yes Yes Yes Yes Yes Yes Yes Yes Yes
MF642Cdw Yes* - Yes Yes Yes Yes Yes Yes Yes Yes Yes
MF643Cdw Yes* - Yes Yes Yes Yes Yes Yes Yes Yes Yes
MF644Cdw Yes* - Yes Yes Yes Yes Yes Yes Yes Yes Yes
MF645Cx Yes* - Yes Yes Yes Yes Yes Yes Yes Yes Yes
MF735Cx Yes - Yes - Yes Yes - Yes Yes - -
MF746Cx Yes* - Yes Yes Yes Yes Yes Yes Yes Yes Yes
MF752Cdw Yes Yes Yes - Yes Yes Yes Yes Yes Yes Yes
MF756Cx Yes Yes Yes - Yes Yes Yes Yes Yes Yes Yes

*This has been addressed on 12 December 2022

imageRUNNER

Please click here for latest firmware available for the Affected Models.

Product Model CVE-2022-43608 CVE-2022-43974 CVE-2023-0851 CVE-2023-0852 CVE-2023-0853 CVE-2023-0854 CVE-2023-0855 CVE-2023-0856 CVE-2023-0857 CVE-2023-0858 CVE-2023-0859
imageRUNNER 1643i/ 1643iF Yes - Yes Yes Yes Yes Yes Yes Yes Yes Yes
imageRUNNER 1643i II/ 1643iF II Yes Yes Yes - Yes Yes Yes Yes Yes Yes Yes

 

PIXMA

Please click here for latest firmware available for the Affected Models.

Product Model CVE-2022-43974
G3730 Yes
G3770 Yes
G4770 Yes
MAXIFY

Please click here for latest firmware available for the Affected Models.

Product Model CVE-2022-43974
GX3070 Yes
GX4070 Yes
imagePROGRAF

Please click here for latest firmware available for the Affected Models.

Product Model CVE-2022-43974
TC-20 Yes
TC-20M Yes
imageCLASS LBP/MF

Please contact your nearest service centre for update/enquiry.

Product Model CVE-2022-43608 CVE-2022-43974 CVE-2023-0851 CVE-2023-0852 CVE-2023-0853 CVE-2023-0854 CVE-2023-0855 CVE-2023-0856 CVE-2023-0857 CVE-2023-0858 CVE-2023-0859
LBP361dw - Yes - - Yes - Yes Yes - - -
LBP456dw / LBP458x - Yes - - Yes - Yes Yes - - -
LBP722Cx - Yes - - Yes - Yes Yes - - -
imagePRESS

Please contact your nearest service centre for update/enquiry.

Product Model CVE-2022-43608 CVE-2022-43974 CVE-2023-0851 CVE-2023-0852 CVE-2023-0853 CVE-2023-0854 CVE-2023-0855 CVE-2023-0856 CVE-2023-0857 CVE-2023-0858 CVE-2023-0859
imagePRESS C165 / C170 - Yes - - Yes Yes Yes Yes - - -
imagesPRESS C270 / C265  - Yes - - Yes Yes Yes Yes - - -
imagePRESS V900 / V800 / V700 - Yes - - Yes Yes Yes Yes - - -
imagePRESS V1000 - Yes - - Yes Yes Yes Yes - - -
imagePRESS V1350 - Yes - - Yes Yes Yes Yes - - -
imageRUNNER / imageRUNNER ADVANCE

Please contact your nearest service centre for update/enquiry.

Product Model CVE-2022-43608 CVE-2022-43974 CVE-2023-0851 CVE-2023-0852 CVE-2023-0853 CVE-2023-0854 CVE-2023-0855 CVE-2023-0856 CVE-2023-0857 CVE-2023-0858 CVE-2023-0859
iR 2425 Series - Yes - - Yes Yes Yes Yes - - -
iR 2600 Series - Yes - - Yes Yes Yes Yes - - -
iR 2700 Series - Yes - - Yes Yes Yes Yes - - -
iR C3222 Series - Yes - - Yes Yes Yes Yes - - -
iR C3226 Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV 715 / 615 / 525 3rd Edition Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV 4500 Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV 4500 3rd Edition Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV 6500 Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV 6500 3rd Edition Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV 8500 Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV 8500 3rd Edition Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV C355 / C255 Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV C356 / C256 Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV C356 / C256 3rd Edition Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV C3500 Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV C3500 3rd Edition Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV C5500 Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV C5500 3rd Edition Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV C7500 Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV C7500 3rd Edition Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV DX 717 / 617 / 527 Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV DX 719 / 619 / 529 Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV DX 4700 Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV DX 4800 Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV DX 4900 Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV DX 6700 Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV DX 6800 Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV DX 8700 Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV DX 8900 Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV DX C357 / C257 Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV DX C359 / C259 Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV DX C3700 Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV DX C3800 Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV DX C3900 Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV DX C5700 Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV DX C5800 Series - Yes - - Yes Yes Yes Yes - - -
iR-ADV DX C7700 Series - Yes - - Yes Yes Yes Yes - - -