On this page you will find important information regarding Canon security
It has come to our attention that there are several websites claiming to offer significantly discounted Canon products at 90% off or more. These websites are designed to look like our official Canon Store and we believe they are not legitimate, aimed only at confusing and deceiving our customers into sharing personal and financial data. We advise our customers to be vigilant when shopping online with Canon and other retailers.
To recognise the official Canon online store, all Canon stores across Europe have a similar domain name: https://store.canon.xx
The final characters change per each country. For example: https://store.canon.fr & https://store.canon.co.uk.
Description
Two vulnerabilities have been identified in IJ Network Tool (hereafter, "the Software"). An attacker connected to the same network as the printer may be able to acquire sensitive information on the printer's Wi-Fi connection setup, either by using the Software or by observing its communication.
CVE/CVSS
CVE-2023-1763: Acquisition of sensitive information on the Wi-Fi connection setup of the printer from the Software. CVSS v3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score: 6.5.
CVE-2023-1764: Acquisition of sensitive information on the Wi-Fi connection setup of the printer from the communication of the Software. CVSS v3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score: 6.5.
Affected Products
The following models are affected by CVE-2023-1763:
Mac Network Tool:
MAXIFY iB4040, MAXIFY iB4050, MAXIFY iB4140, MAXIFY iB4150
MAXIFY MB2040, MAXIFY MB2050, MAXIFY MB2140, MAXIFY MB2150, MAXIFY MB2155, MAXIFY MB2340, MAXIFY MB2350, MAXIFY MB2740, MAXIFY MB2750, MAXIFY MB2755, MAXIFY MB5040, MAXIFY MB5050, MAXIFY MB5140, MAXIFY MB5150, MAXIFY MB5155, MAXIFY MB5340, MAXIFY MB5350, MAXIFY MB5440, MAXIFY MB5450, MAXIFY MB5455
PIXMA E464, PIXMA E484
PIXMA G3400, PIXMA G3500, PIXMA G3501
PIXMA iP110, PIXMA iP5200R, PIXMA iP7240, PIXMA iP7250, PIXMA iP8740, PIXMA iP8750
PIXMA iX6840, PIXMA iX6850, PIXMA iX7000
PIXMA MG2940, PIXMA MG2950, PIXMA MG3140, PIXMA MG3150, PIXMA MG3240, PIXMA MG3250, PIXMA MG3500, PIXMA MG3540, PIXMA MG3550, PIXMA MG3640, PIXMA MG3650, PIXMA MG4140, PIXMA MG4150, PIXMA MG4240, PIXMA MG4250, PIXMA MG5240, PIXMA MG5250, PIXMA MG5340, PIXMA MG5350, PIXMA MG5440, PIXMA MG5450, PIXMA MG5540, PIXMA MG5550, PIXMA MG5640, PIXMA MG5650, PIXMA MG5740, PIXMA MG5750, PIXMA MG6140, PIXMA MG6150, PIXMA MG6240, PIXMA MG6250, PIXMA MG6340, PIXMA MG6350, PIXMA MG6440, PIXMA MG6450, PIXMA MG6640, PIXMA MG6650, PIXMA MG6840, PIXMA MG6850, PIXMA MG6851, PIXMA MG6852, PIXMA MG6853, PIXMA MG7140, PIXMA MG7150, PIXMA MG7540, PIXMA MG7550, PIXMA MG7740, PIXMA MG7750, PIXMA MG7751, PIXMA MG7752, PIXMA MG7753, PIXMA MG8140, PIXMA MG8150, PIXMA MG8240, PIXMA MG8250
PIXMA MP495, PIXMA MP560, PIXMA MP600R, PIXMA MP620, PIXMA MP640, PIXMA MP800R, PIXMA MP970, PIXMA MP980, PIXMA MP990
PIXMA MX340, PIXMA MX350, PIXMA MX410, PIXMA MX420, PIXMA MX434, PIXMA MX435, PIXMA MX454, PIXMA MX455, PIXMA MX474, PIXMA MX475, PIXMA MX494, PIXMA MX495, PIXMA MX514, PIXMA MX515, PIXMA MX524, PIXMA MX525, PIXMA MX534, PIXMA MX535, PIXMA MX700, PIXMA MX714, PIXMA MX715, PIXMA MX725, PIXMA MX7600, PIXMA MX850, PIXMA MX860, PIXMA MX870, PIXMA MX884, PIXMA MX885, PIXMA MX894, PIXMA MX895, PIXMA MX924, PIXMA MX925
PIXMA PRO-1, PIXMA PRO-10, PIXMA PRO-100, PIXMA PRO-100S, PIXMA PRO-10S
Wireless Print Server WP-20
Windows Network Tool:
Not applicable
The following models are affected by CVE-2023-1764:
Mac Network Tool:
MAXIFY iB4040, MAXIFY iB4050, MAXIFY iB4140, MAXIFY iB4150
MAXIFY MB2040, MAXIFY MB2050, MAXIFY MB2140, MAXIFY MB2150, MAXIFY MB2155, MAXIFY MB2340, MAXIFY MB2350, MAXIFY MB2740, MAXIFY MB2750, MAXIFY MB2755, MAXIFY MB5040, MAXIFY MB5050, MAXIFY MB5140, MAXIFY MB5150, MAXIFY MB5155, MAXIFY MB5340, MAXIFY MB5350, MAXIFY MB5440, MAXIFY MB5450, MAXIFY MB5455
PIXMA E464, PIXMA E484
PIXMA G3400, PIXMA G3500, PIXMA G3501
PIXMA iP110, PIXMA iP5200R, PIXMA iP7240, PIXMA iP7250, PIXMA iP8740, PIXMA iP8750
PIXMA iX6840, PIXMA iX6850, PIXMA iX7000
PIXMA MG2940, PIXMA MG2950, PIXMA MG3140, PIXMA MG3150, PIXMA MG3240, PIXMA MG3250, PIXMA MG3500, PIXMA MG3540, PIXMA MG3550, PIXMA MG3640, PIXMA MG3650, PIXMA MG4140, PIXMA MG4150, PIXMA MG4240, PIXMA MG4250, PIXMA MG5240, PIXMA MG5250, PIXMA MG5340, PIXMA MG5350, PIXMA MG5440, PIXMA MG5450, PIXMA MG5540, PIXMA MG5550, PIXMA MG5640, PIXMA MG5650, PIXMA MG5740, PIXMA MG5750, PIXMA MG6140, PIXMA MG6150, PIXMA MG6240, PIXMA MG6250, PIXMA MG6340, PIXMA MG6350, PIXMA MG6440, PIXMA MG6450, PIXMA MG6640, PIXMA MG6650, PIXMA MG6840, PIXMA MG6850, PIXMA MG6851, PIXMA MG6852, PIXMA MG6853, PIXMA MG7140, PIXMA MG7150, PIXMA MG7540, PIXMA MG7550, PIXMA MG7740, PIXMA MG7750, PIXMA MG7751, PIXMA MG7752, PIXMA MG7753, PIXMA MG8140, PIXMA MG8150, PIXMA MG8240, PIXMA MG8250
PIXMA MP495, PIXMA MP560, PIXMA MP600R, PIXMA MP620, PIXMA MP640, PIXMA MP800R, PIXMA MP970, PIXMA MP980, PIXMA MP990
PIXMA MX340, PIXMA MX350, PIXMA MX410, PIXMA MX420, PIXMA MX434, PIXMA MX435, PIXMA MX454, PIXMA MX455, PIXMA MX474, PIXMA MX475, PIXMA MX494, PIXMA MX495, PIXMA MX514, PIXMA MX515, PIXMA MX524, PIXMA MX525, PIXMA MX534, PIXMA MX535, PIXMA MX700, PIXMA MX714, PIXMA MX715, PIXMA MX725, PIXMA MX7600, PIXMA MX850, PIXMA MX860, PIXMA MX870, PIXMA MX884, PIXMA MX885, PIXMA MX894, PIXMA MX895, PIXMA MX924, PIXMA MX925
PIXMA PRO-1, PIXMA PRO-10, PIXMA PRO-100, PIXMA PRO-100S, PIXMA PRO-10S
Wireless Print Server WP-20
Windows Network Tool:
MAXIFY iB4040, MAXIFY iB4050
MAXIFY MB2040, MAXIFY MB2050, MAXIFY MB2340, MAXIFY MB2350, MAXIFY MB5040, MAXIFY MB5050, MAXIFY MB5340, MAXIFY MB5350
PIXMA E464, PIXMA E484
PIXMA G3400, PIXMA G3500, PIXMA G3501
PIXMA iP110, PIXMA iP5200R, PIXMA iP7240, PIXMA iP7250, PIXMA iP8740, PIXMA iP8750
PIXMA iX6840, PIXMA iX6850, PIXMA iX7000
PIXMA MG2940, PIXMA MG2950, PIXMA MG3140, PIXMA MG3150, PIXMA MG3240, PIXMA MG3250, PIXMA MG3500, PIXMA MG3540, PIXMA MG3550, PIXMA MG3640, PIXMA MG3650, PIXMA MG4140, PIXMA MG4150, PIXMA MG4240, PIXMA MG4250, PIXMA MG5240, PIXMA MG5250, PIXMA MG5340, PIXMA MG5350, PIXMA MG5440, PIXMA MG5450, PIXMA MG5540, PIXMA MG5550, PIXMA MG5640, PIXMA MG5650, PIXMA MG5740, PIXMA MG5750, PIXMA MG6140, PIXMA MG6150, PIXMA MG6240, PIXMA MG6250, PIXMA MG6340, PIXMA MG6350, PIXMA MG6440, PIXMA MG6450, PIXMA MG6640, PIXMA MG6650, PIXMA MG6840, PIXMA MG6850, PIXMA MG6851, PIXMA MG6852, PIXMA MG6853, PIXMA MG7140, PIXMA MG7150, PIXMA MG7540, PIXMA MG7550, PIXMA MG7740, PIXMA MG7750, PIXMA MG7751, PIXMA MG7752, PIXMA MG7753, PIXMA MG8140, PIXMA MG8150, PIXMA MG8240, PIXMA MG8250
PIXMA MP495, PIXMA MP560, PIXMA MP600R, PIXMA MP620, PIXMA MP640, PIXMA MP800R, PIXMA MP970, PIXMA MP980, PIXMA MP990
PIXMA MX340, PIXMA MX350, PIXMA MX410, PIXMA MX420, PIXMA MX434, PIXMA MX435, PIXMA MX454, PIXMA MX455, PIXMA MX474, PIXMA MX475, PIXMA MX494, PIXMA MX495, PIXMA MX514, PIXMA MX515, PIXMA MX524, PIXMA MX525, PIXMA MX534, PIXMA MX535, PIXMA MX700, PIXMA MX714, PIXMA MX715, PIXMA MX725, PIXMA MX7600, PIXMA MX850, PIXMA MX860, PIXMA MX870, PIXMA MX884, PIXMA MX885, PIXMA MX894, PIXMA MX895, PIXMA MX924, PIXMA MX925
PIXMA PRO-1, PIXMA PRO-10, PIXMA PRO-100, PIXMA PRO-100S, PIXMA PRO-10S
Wireless Print Server WP-20
Affected Versions
The following versions are affected by CVE-2023-1763:
Mac Network Tool:
Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13)
Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8)
Windows Network Tool:
Not applicable
The following versions are affected by CVE-2023-1764:
Mac Network Tool:
Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13)
Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8)
Windows Network Tool:
Ver.3.7.0
Mitigation/Remediation
For CVE-2023-1763:
The workaround for this vulnerability is to use printers with a trusted network connection. Please refer here for “Security for Product Connecting to a Network”.
In addition, for Mac Network Tool, please download the updated software versions released.
For steps on how to update the software for MAXIFY and PIXMA inkjet printers to Ver.4.7.6 (supported OS: OS X 10.9.5-macOS 13) or Ver.4.7.4 (supported OS: OS X 10.7.5-OS X 10.8), please visit the software download page, Consumer Product Support, select your model, select the Software tab, and then select IJ Network Tool or Wi-Fi Connection Assistant.
For CVE-2023-1764:
The workaround for this vulnerability is to use printers with a trusted network connection. Please refer here for “Security for Product Connecting to a Network”.
Credits
Canon would like to thank National Cyber Security Centre Netherlands for reporting these vulnerabilities.
Several vulnerabilities have been identified for certain Office/Small Office Multifunction Printers, Laser Printers and Inkjet Printers.
These vulnerabilities suggest the possibility that, if a product is connected directly to the Internet without using a router (wired or Wi-Fi), an unauthenticated remote attacker may be able to execute arbitrary code on the device. They may also be able to target the product in a Denial-of-Service (DoS) attack via the Internet. An attacker may also be able to install arbitrary files due to improper authentication of RemoteUI.
<Buffer Overflow>
CVE-2023-0851
CVE-2023-0852
CVE-2023-0853
CVE-2023-0854
CVE-2023-0855
CVE-2023-0856
CVE-2022-43974
<Problems during Initial Registration of System Administrators in Control Protocols>
CVE-2023-0857
<Improper Authentication of RemoteUI>
CVE-2023-0858
<Installation of Arbitrary Files>
CVE-2023-0859
There have been no reports of these vulnerabilities being exploited. However, to enhance the security of the product, we advise that our customers install the latest firmware available for the affected models provided below. We also recommend that customers set a private IP address for their products and create a network environment with a firewall or Wired/Wi-Fi router that can restrict network access.
For more details on securing products when connected to a network, please visit Product Security.
We will continue to further strengthen our security measures to ensure that you can continue using Canon products with peace of mind. If the vulnerabilities are identified in other products, we will update this article.
The following models are affected by CVE-2022-43608, CVE-2023-0851, CVE-2023-0852, CVE-2023-0853, CVE-2023-0854, CVE-2023-0855, CVE-2023-0856, CVE-2023-0857, CVE-2023-0858, and CVE-2023-0859:
i-SENSYS LBP621Cw, LBP623Cdw
i-SENSYS LBP633Cdw, LBP664Cx
i-SENSYS MF641Cw, MF643CDW, MF645Cx
i-SENSYS MF742CDW, MF744CDW, MF746Cx
i-SENSYS X C1127i, C1127iF
i-SENSYS X C1127P
The following models are affected by CVE-2022-43974:
imagePROGRAF TC-20
imagePROGRAF TC-20M
MAXIFY GX3040, MAXIFY GX3050
MAXIFY GX4040, MAXIFY GX4050
PIXMA G3430
PIXMA G3470 BK, PIXMA G3470 RED, PIXMA G3470 WH, PIXMA G3570, PIXMA G3571, PIXMA G3572
PIXMA G4470, PIXMA G4570
Please visit Support for firmware, software, and product support information.
For steps on how to update the firmware for MAXIFY, PIXMA and imagePROGRAF inkjet printers, please view the Online Manual.
Canon would like to thank the following researchers for identifying these vulnerabilities:
A potential data exposure vulnerability has been identified in uniFLOW Server and uniFLOW Remote Print Server.
Whilst we have not received any reports of exploitation, we recommend that you upgrade your implementation to the latest version.
Details of the vulnerability, mitigation and remediation can be found at:
Security Advisory: MOM Tech Support Vulnerability - NT-ware Support
Multiple cases of buffer overflow vulnerabilities have been identified with Canon Laser Printers and Small Office Multifunctional Printers. A list of affected models is given below.
Whilst we have not received any reports of exploitation, we recommend that you upgrade your device firmware to the latest version.
This vulnerability suggests that if a product is connected directly to the Internet without using a wired or Wi-Fi router, a third party on the Internet could execute arbitrary code or the product could be subjected to a Denial-of-Service (DoS) attack.
We do not recommend connecting directly to the Internet – please use a private IP address on a secure private network configured via a firewall or wired/WiFi router. Please see www.canon-europe.com/support/product-security for ‘security for product connected to a network.’
We will continue to further strengthen our security measures to ensure that you can continue using Canon products with peace of mind. If the vulnerability is identified in other products, we will update this article. Please see CPE2023-001 – Regarding vulnerabilities for Office / Small Office Multifunction Printers, Laser Printers and Inkjet Printers – 14 April 2023 for further information.
The Laser Printers and Small Office Multifunction Printers which could be affected include:
Please visit Support for firmware, software and product support information.
Canon would like to thank the following researcher for identifying this vulnerability.
Multiple cases of buffer overflow vulnerabilities have been identified with Canon Laser Printers and Small Office Multifunctional Printers. Related CVEs are: CVE-2022-24672, CVE-2022-24673 and CVE-2022-24674. A list of affected models is given below.
Whilst we have not received any reports of exploitation, please upgrade the device firmware to the latest version.
This vulnerability suggests the possibility that if a product is connected directly to the Internet without using a wired or Wi-Fi router, a third party on the Internet may execute arbitrary code or the product could be subjected to a Denial-of-Service (DoS) attack.
We do not recommend connecting directly to the Internet – please use a private IP address on a secure private network configured via a firewall or wired/WiFi router. Please see www.canon-europe.com/support/product-security for ‘security for product connected to a network.’
We will continue to work to further strengthen security measures to ensure that you can continue using Canon products with peace of mind. If vulnerabilities are identified in other products, we will immediately update this article.
The Laser Printers and Small Office Multifunction Printers, which require the countermeasure:
Please visit Support for firmware, software and product support information.
CANON would like to thank the following people for identifying this vulnerability.
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. The malicious class file can do virtually anything: leak data or secrets, launch other software such as ransomware, mine cryptocurrencies, introduce backdoors or create a steppingstone further into a network.
https://cpp.canon/products-technologies/security/latest-news/
The goal of this page is to list the Canon Production Printing (CPP) products that may be impacted by the following CVE reports:
The table below gives the vulnerability status for the Canon Production Printing hardware and software products listed. Please check back regularly to be informed regarding the updated status.
Products assessed and status
CTS – Cutsheet and Toner Systems / Inkjet Sheetfed Press
Products | Status |
---|---|
PRISMAsync print server based products | Not impacted |
varioPRINT 140 series | Not impacted |
varioPRINT 6000 series | Not impacted |
varioPRINT i-series | Not impacted |
varioPRINT iX-series | Not impacted |
Service Control Station (SCS) for VPi300 series and VPiX series | Not impacted |
Tablet for VPi300 series and VPiX series | Not impacted |
PRISMAsync i300/iX Simulator | Not impacted |
PRISMAprepare V6 | Not impacted |
PRISMAprepare V7 | Not impacted |
PRISMAprepare V8 | Not impacted |
PRISMAdirect V1 | Not impacted |
PRISMAprofiler | Not impacted |
PRISMA Cloud, PRISMA Home, PRISMAprepare Go, PRISMAlytics Accounting | Not impacted |
PPP – Production Printing Products
Products | Status |
---|---|
ColorStream 3x00, ColorStream 3x00Z | Not impacted |
ColorStream 6000 | Not impacted |
ColorStream 8000 | Not impacted |
ProStream 1x00 | Not impacted |
LabelStream 4000 series | Not impacted |
ImageStream | Not impacted |
JetStream V1, JetStream V2 | Not impacted |
VarioStream 4000 | Not impacted |
VarioStream 7000 series | Not impacted |
VarioStream 8000 | Not impacted |
PRISMAproduction Server V5 | Not impacted |
PRISMAproduction Host | Not impacted |
PRISMAcontrol | Not impacted |
PRISMAspool | Not impacted |
PRISMAsimulate | New version available* |
TrueProof | Not impacted |
DocSetter | Not impacted |
DPconvert | Not impacted |
* Please contact your local Canon service representative
LFG – Large Format Graphics
Products | Status |
---|---|
Arizona series | under investigation |
Colorado series | Not impacted |
ONYX HUB | under investigation |
ONYX Thrive | under investigation |
ONYX ProductionHouse | under investigation |
TDS – Technical Documentation Systems
Products | Status |
---|---|
TDS series | Not impacted |
PlotWave series | Not impacted |
ColorWave series | Not impacted |
Scanner Professional | Not impacted |
Driver Select, Driver Express, Publisher Mobile | Not impacted |
Publisher Select | Not impacted |
Account Console | Not impacted |
Repro Desk | Not impacted |
Service & Support Tools
Products | Status |
---|---|
On Remote Service | Not impacted |
A vulnerability has been confirmed in the RSA key generation process of the cryptographic library used in Canon's Enterprise/Small Office Multifunction Printers and Laser Printers/Inkjet Printers. A full list of affected products is included below.
The risk of this vulnerability is that the private key corresponding to an RSA public key could be estimated by someone, due to issues in the generation process of the RSA key pair.
If an RSA key pair used for TLS or IPSec was generated by a cryptographic library with this vulnerability, this RSA public key could be taken by a third party or even be falsified.
We have not received any incident reports regarding this vulnerability so far, and users can rest assured that the firmware on the impacted products is being resolved.
Where the RSA key pair was created by the cryptographic library with this vulnerability, additional steps are required after the firmware update. Depending on the affected product, refer to the steps to check the key and the measures to be taken, described below, to take the correct action.
In addition, do not connect the products directly to the Internet. Use a firewall, a wired environment, or, if using a Wi-Fi router, a securely protected private network environment. Set a private IP address as well.
For details, please refer to Securing products when connecting to a network.
Enterprise/Small Office Multifunction Printers and Laser Printers/Inkjet Printers, which require the measure.
imagePROGRAF TZ-30000
imagePROGRAF TX-4100/3100/2100
iPR C165/C170
iR 1643i II, iR 1643iF II
iR 2425
iR 2645/2635/2630
iR-ADV 4551/4545/4535/4525
iR-ADV 4551Ⅲ/4545Ⅲ/4535Ⅲ/4525Ⅲ
iR-ADV 4725/4735/4745/4751
iR-ADV 527/617/717
iR-ADV 6000
iR-ADV 6575/6565/6560/6555
iR-ADV 6575Ⅲ/6565Ⅲ/6560Ⅲ
iR-ADV 6755/6765/6780
iR-ADV 6855/6860/6870
iR-ADV 715/615/525
iR-ADV 715Ⅲ/615Ⅲ/525Ⅲ
iR-ADV 8505/8595/8585
iR-ADV 8505Ⅲ/8595Ⅲ/8585Ⅲ
iR-ADV 8705/8705B/8795
iR-ADV C256Ⅲ/C356Ⅲ
iR-ADV C257/C357
iR-ADV C3530/C3520
iR-ADV C3530Ⅲ/C3520Ⅲ
iR-ADV C355/255
iR-ADV C356/256
iR-ADV C3730/C3720
iR-ADV C3830/C3826/C3835
iR-ADV C475Ⅲ
iR-ADV C477/C478
iR-ADV C5560/5550/5540/5535
iR-ADV C5560Ⅲ/5550Ⅲ/5540Ⅲ/5535Ⅲ
iR-ADV C5760/5750/5740/5735
iR-ADV C5870/C5860/C5850/C5840
iR-ADV C7580/C7570/C7565
iR-ADV C7580Ⅲ/C7570Ⅲ/C7565Ⅲ
iR-ADV C7780/C7770/C7765
iRC3226
i-SENSYS X 1238 II, i-SENSYS X 1238iF II
i-SENSYS X 1238P II, i-SENSYS X 1238Pr II
LBP233Dw, LBP236Dw
LBP631Cw, LBP633Cdw
MF453dw, MF455dw
MF552dw, MF553dw
MF651dw, MF655Cdw, MF657Cdw
PRO-G1/PRO-300, PRO-S1/PRO-200
imagePROGRAF GP-200/300/2000/4000
MAXIFY GX6040
MAXIFY GX6050
MAXIFY GX7040
MAXIFY GX7050
MF830Cx, MF832Cx, MF832Cdw, iR C1533, C1538
LBP720Cx/LBP722Cx/LBP722Ci/LBP722Cdw/C1533P/C1538P
Steps to check and resolve for Inkjet Printers key
Please visit Support for firmware, software and product support information.
We are currently in the process of investigating the impact of the ‘Log4j’ https://logging.apache.org/log4j/2.x/security.html vulnerability on Canon products. As information comes to light, we will update this article.
The table below gives the vulnerability status for the hardware and software products listed. Please check back regularly.
Product | Status/Statement |
---|---|
Canon • imageRUNNER • imageRUNNER ADVANCE • imagePRESS • i-SENSYS • i-SENSYS X • imagePROGRAF • imageFORMULA | These devices are not affected. |
Canon • imageWARE Management Console • imageWARE Enterprise Management Console • eMaintenance Optimiser • eMaintenance Universal Gateway • Canon Data Collection Agent • Remote Support Operator Kit • Content Delivery Service • Device Settings Configurator • Canon Reporting Service Online • OS400 Object Generator • CQue Driver • SQue Driver | Software not affected. |
Canon Production Printing • PRISMA Cutsheet and Toner systems • Continuous Printing • Large Format Graphics • Technical Document Systems | https://cpp.canon/products-technologies/security/latest-news/ |
NT-ware • uniFLOW • uniFLOW Online • uniFLOW Online Express • uniFLOW sysHub • PRISMAsatellite | https://www.uniflow.global/en/security/security-and-maintenance/ |
Avantech • Scan2x • Scan2x Online | |
Cirrato • Cirrato One • Cirrato Embedded | Not affected. |
Compart • DocBridge Suite | |
Docspro • Import Controller • XML Importer • Email Importer • Knowledge Base • Universal Test Release • Advanced PDF Creator • Webservice Export Connector | Not affected. |
Docuform • Mercury Suite | Not affected. |
Doxsense • WES Pull Print 2.1 • WES Authentication 2.1 | Not affected. |
EFI • Fiery | https://communities.efi.com/s/feed/0D55w00009ARpbxCAD?language=en_US |
Genius Bytes • Genius MFP Canon Client | Log4j Zero Day Vulnerability - Genius Bytes Not affected |
IRIS • IRISXtract • IRISPowerscan • Readiris PDF 22 • Readiris 16 & 17 • Cardiris • IRISPulse | |
Kantar • Discover Assessment Web Survey | Not affected. |
Kofax • PowerPDF • eCopy ShareScan • Robotic Process Automation • Kofax Communication Manager Solution | Kofax products and Apache Log4j2 vulnerability information - Kofax Not affected. Until the ShareScan patches are ready, follow the steps in the ShareScan and Log4j vulnerability (CVE-2021-44228) - Kofax article. Patches are available. See Kofax RPA CVE-2021-44228 log4j Security Exploit Information article. Patches are available. See log4j vulnerability in Kofax Communications Manager article. |
Netaphor • SiteAudit | SiteAudit Vulnerability Exposure - Netaphor SiteAudit(TM) Knowledgebase |
Netikus • EventSentry | Is EventSentry affected by the Log4Shell Log4j RCE CVE-2021-44228 - EventSentry |
Newfield IT • Asset DB | Not affected. |
Objectif Lune • Connect | Past versions of Objectif Lune Connect used the log4j module, but it was removed from the software with the release of Objectif Lune Connect 2018.1. So as long as you are running a version of Objectif Lune Connect that is 2018.1 or later, the vulnerability is not present. |
OptimiDoc • OptimiDoc | |
Overall • Print In City | Not affected. |
PaperCut • PaperCut | Log4Shell (CVE-2021-44228) - How is PaperCut Affected? - PaperCut |
Paper River • TotalCopy | Not affected. |
Ringdale • FollowMe Embedded | Not affected. |
Quadient • Inspire Suite | Quadient University Log4J Information for Existing Customers |
T5 Solutions • TG-PLOT/CAD-RIP | Not affected. |
Therefore • Therefore • Therefore Online | |
Westpole • Intelligent Print Management | Not affected. |
A cross-site scripting vulnerability has been identified in the Remote UI function of Canon laser printers and multifunction devices for small office – see the affected models below (vulnerability identification number: JVN # 64806328).
For this vulnerability to be exploited, it is necessary for the attacker to be in the administrator mode. Whilst there have been no reports of data loss, we advise installing the latest firmware to enhance security. Updates can be found at https://www.canon-europe.com/support/.
We also recommend that a private IP address is set and a network environment ensuring that connection is established through a firewall or Wi-Fi router that can restrict network access. Please see https://www.canon-europe.com/support/product-security/ for more details of security measures when connecting devices to a network.
Affected products:
i-SENSYS
LBP162DW
imageRUNNER
2206IF
A vulnerability in the Microsoft Windows Print Spooler was discovered earlier this year, which has been referred to as “PrintNightmare”. The vulnerability allows hackers to take control of users' Windows systems under certain conditions.
While this may affect the users of Canon devices, this is the result of a flaw within Microsoft software rather than any issue with Canon's products or software. Specifically, the issue lies with the print spooler functionality which is installed on every Windows Server and Windows desktop.
Microsoft announced that these vulnerabilities were resolved within the Microsoft July 6th Security Update, available through Windows Update or by downloading and installing KB5004945. Microsoft recommends that IT teams apply this update immediately to help prevent intrusions related to these vulnerabilities. For full information from Microsoft on the matter, please visit https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
In addition to Microsoft’s advice to install the updates, we also recommend you secure your system by confirming that the following registry settings are set to 0 (zero) or are not defined (Note: these registry keys do not exist by default, and therefore are already at the secure setting). You should also check that your Group Policy settings are correct:
Having the ‘NoWarningNoElevationOnInstall’ registry key set to 1 reduces your system security posture.
We advise that your IT team continues to monitor the Microsoft support site to ensure that all applicable underlying operating system patches are applied.