Vulnerabilities Mitigation / Remediation for Office / Small Office Multifunction Printers, Laser Printers and Inkjet Printers - Canon Philippines

17 Apr 2023

    Thank you for using Canon Products.

    Multiple vulnerabilities have been found in certain Office / Small Office Multifunction Printers, Laser Printers and Inkjet Printers.

    These vulnerabilities indicate that if a product is connected directly to the Internet without using a router (wired or Wi-Fi), an unauthenticated remote attacker may be able to execute arbitrary code and/or target the product in a Denial-of-Service (DoS) attack. An attacker may also be able to install arbitrary files due to improper authentication of RemoteUI.

    Buffer Overflow
    CVE-2023-0851
    CVE-2023-0852
    CVE-2023-0853
    CVE-2023-0854
    CVE-2023-0855
    CVE-2023-0856
    CVE-2022-43974
    CVE-2022-43608

    Problems During Initial Registration of System Administrators in Control Protocols
    CVE-2023-0857

    Improper authentication of RemoteUI
    CVE-2023-0858

    Installation of arbitrary files
    CVE-2023-0859

    There have been no reports of damage relating to these vulnerabilities. However, to enhance the security of the product, we advise customers to install the latest firmware available for the Affected Models provided below.

    We also recommend that customers set a private IP address for the products and create a network environment with a firewall or Wired/Wi-Fi router that can restrict network access.

    For more details on securing products when connected to a network, please visit here.

    We continue to review and strengthen security measures for our products to ensure that customers can continue using Canon products with peace of mind.

    Affected Products:
    Small Office MFP/LBP, please click here.
    Inkjet Printer, please click here.

    We will continue to update customers on any vulnerability detected in other products.

    Please click here for latest firmware available for the Affected Models.

    Contact Information for Inquiries:
    Please contact your nearest service centre if you have any queries.

    First Posted on 17 Apr 2023

    Affected Products

    Small Office MFP/LBP Laser Printers

    imageCLASS
    Product Model  CVE-2022-43608  CVE-2023-0851  CVE-2023-0852  CVE-2023-0853  CVE-2023-0854  CVE-2023-0855  CVE-2023-0856  CVE-2023-0857  CVE-2023-0858  CVE-2023-0859
    LBP621Cw       Yes*            Yes            Yes            Yes            Yes            Yes            Yes            Yes            Yes            Yes
    LBP623Cdw      Yes*            Yes            Yes            Yes            Yes            Yes            Yes            Yes            Yes            Yes
    LBP664Cx       Yes*            Yes            Yes            Yes            Yes            Yes            Yes            Yes            Yes            Yes
    MF641Cw        Yes*            Yes            Yes            Yes            Yes            Yes            Yes            Yes            Yes            Yes
    MF642Cdw       Yes*            Yes            Yes            Yes            Yes            Yes            Yes            Yes            Yes            Yes
    MF643Cdw       Yes*            Yes            Yes            Yes            Yes            Yes            Yes            Yes            Yes            Yes
    MF644Cdw       Yes*            Yes            Yes            Yes            Yes            Yes            Yes            Yes            Yes            Yes
    MF645Cx        Yes*            Yes            Yes            Yes            Yes            Yes            Yes            Yes            Yes            Yes
    MF746Cx        Yes*            Yes            Yes            Yes            Yes            Yes            Yes            Yes            Yes            Yes

    *This was addressed on 12 December 2022.

    Inkjet Printers

    PIXMA
    Product Model  CVE-2022-43974
    G3730          Yes
    G3770          Yes
    G4770          Yes

    MAXIFY
    Product Model  CVE-2022-43974
    GX3070         Yes
    GX4070         Yes

    imagePROGRAF
    Product Model  CVE-2022-43974
    TC-20          Yes
    TC-20M         Yes
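
The following added example (not part of Canon's advisory) cross-checks a printer inventory against the affected-model tables above and flags affected devices that are not on a private address, in line with the advisory's recommendation. The inventory format, host names and addresses are constructed, and treating "private" as RFC 1918, IPv6 ULA or link-local space is an assumption.

```python
import csv
import io
import ipaddress

# Model-to-CVE mapping transcribed from the advisory's Affected Products tables.
# Note: the advisory marks CVE-2022-43608 as addressed on 12 December 2022.
LASER_CVES = ["CVE-2022-43608"] + [f"CVE-2023-{n:04d}" for n in range(851, 860)]
LASER = ["LBP621Cw", "LBP623Cdw", "LBP664Cx", "MF641Cw", "MF642Cdw",
         "MF643Cdw", "MF644Cdw", "MF645Cx", "MF746Cx"]
INKJET = ["G3730", "G3770", "G4770", "GX3070", "GX4070", "TC-20", "TC-20M"]
AFFECTED = {m.upper(): LASER_CVES for m in LASER}
AFFECTED.update({m.upper(): ["CVE-2022-43974"] for m in INKJET})

# Assumption: "private IP address" means RFC 1918 / IPv6 ULA space.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
RANK = {"PUBLIC_IP": 0, "REVIEW": 1, "PATCH": 2}

def is_private_addr(addr):
    """True for RFC 1918, ULA and link-local addresses; ValueError if unparseable."""
    ip = ipaddress.ip_address(addr.strip())
    return ip.is_link_local or any(ip in net for net in PRIVATE_NETS)

def audit(inventory_csv):
    """Return (host, model, status, cves) for affected printers, worst first."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        tokens = row["model"].split()          # drop family prefix, e.g. "PIXMA"
        cves = AFFECTED.get(tokens[-1].upper()) if tokens else None
        if not cves:
            continue                           # model not listed in the advisory
        try:
            status = "PATCH" if is_private_addr(row["ip"]) else "PUBLIC_IP"
        except ValueError:
            status = "REVIEW"                  # bad address: check by hand
        findings.append((row["host"], row["model"], status, cves))
    return sorted(findings, key=lambda f: (RANK[f[2]], f[0]))

# Constructed inventory; 203.0.113.25 (documentation range) stands in for a public address.
SAMPLE = """host,model,ip
prn-frontdesk,imageCLASS MF644Cdw,203.0.113.25
prn-finance,LBP623Cdw,192.168.10.40
prn-plot,imagePROGRAF TC-20,10.20.0.7
prn-lab,PIXMA G3770,not-an-ip
prn-other,ExampleJet 100,198.51.100.9
"""
if __name__ == "__main__":
    for host, model, status, cves in audit(SAMPLE):
        print(f"{status:9} {host:14} {model:22} {len(cves)} CVE(s)")
```

Every listed model still needs the latest firmware; the status only orders the work, with `PUBLIC_IP` devices first because the advisory ties the risk to direct Internet connection.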