Contact Us
Contact us for telephone or E-mail support
On this page you will find important information regarding Canon security
Following investigation, we have determined that no imageRUNNER, imageRUNNER ADVANCE or i-SENSYS products are affected by this vulnerability. We are continuing our investigation across the Canon product range and will update this article as further information becomes available.
It has been brought to our attention by the 'Federal Office for Information Security' (BSI) that the network implementation within the microMIND is vulnerable to a number of exploits. These vulnerabilities were discovered by 'Forescout Technologies', researchers Jos Wetzels, Stanislav Dashevskyi, Amine Amri, and Daniel dos Santos.
The microMIND utilises the uIP open-source network stack, https://en.wikipedia.org/wiki/UIP_(micro_IP) used by thousands of companies to network enable their software/hardware. The researchers found that if exploited these vulnerabilities could result in a DoS attack taking the device offline or performing Remote Code Execution (RCE) on the microMIND itself. To address these vulnerabilities NT-ware has released a new firmware that addresses all reported issues. At the time of writing this security bulletin there are no known exploits targeting the microMIND.
Exploit name/link: AMNESIA:33, https://www.forescout.com/amnesia33/
CVE's addressed in this firmware are: CVE-2020-13988, CVE-2020-13987, CVE-2020-17438, CVE-2020-17437
CVE's not related to the MicroMIND implementation of the uIP Stack: CVE-2020-17440, CVE-2020-17439, CVE-2020-24334, CVE-2020-24335
Affected uniFLOW microMIND Firmware: version 2.0.9 and earlier or delivered prior to October 2020.
Mitigation/Action: If you have an affected microMIND please contact your Canon representative to arrange upgrading the firmware.
A cyber security company headquartered in Israel, SCADAfence Ltd., drew our attention to a vulnerability related to IP stack protocol, which is used by Canon Laser Printer and Small Office Multifunctional Printer. Please refer to CVE-2020-16849 for details.
The potential exists for a third-party attack on the device when it is connected to a network allowing fragments of the “Address book” or/and “administrator password” to be acquired through an unsecured network. It should be noted that when HTTPS is used for the communication of Remote UI, data is secured by encryption.
To date, there have been no confirmed cases of these vulnerabilities being exploited to cause harm. However, in order to ensure that our customers can use our products securely, new firmware will be available for the following products:
i-SENSYS MF Series
MF113W
MF212W/MF216N/MF217W
MF226DN/MF229DW
MF231/MF232W/MF237W
MF244DW/MF247DW/MF249DW
MF264DW/MF267DW/MF269DW
MF4570DN/MF4580DN
MF4780W
MF4870DN/MF4890DW
i-SENSYS LBP Series
LBP113W
LBP151DW
LBP162DW
imageRUNNER Series
IR2202N
IR2204N/IR2204F
IR2206N/IR2206IF
Please refer to the User Manual for details on how to update firmware.
We recommend that a private IP address is used for products and use network parameter controls such as the use of a firewall or Wi-Fi router that can restrict network access. The ‘Security for Products Connected to a Network’ section further down on this page gives some additional guidance.
After investigation into the ‘Ripple20’ vulnerability, there has been no identified issue with Canon printer products.
Whilst Canon’s wireless function password complies with the current WPA standard, we are aware that the security provided by eight-character numerical passwords isn’t considered to be as strong as it used to be. With this in mind, we recommend that in environments where wireless security is a concern, such as a public location, Canon equipment should always be connected to infrastructure Wi-Fi deployment. We take security seriously - we are updating the Wi-Fi security configurations across our products to help you remain secure and any update will be published on these pages. Canon would like to thank REDTEAM.PL for drawing our attention to the changing nature of password security and its impact on the market.
The imageRUNNER ADVANCE software platform version 3.8 and later introduced the Syslog protocol (compliant with RFC 5424, RFC 5425 and RFC 5426) near real-time event messaging functionality adding to existing device logging increasing visibility of device and device security events. This builds upon the device logging capability allowing connection to an existing security information event management (SIEM) or Syslog server. The ‘SIEM_spec’ document given below details of the messages types and log data that can be generated.
Eleven vulnerabilities, dubbed “URGENT/11” (CVE-2019-12255 through to CVE-2019-12265), have been identified within the VxWorks operating system. It has transpired that the IPnet TCP/IP stack used in the VxWorks operating system has also been used in other real-time operating systems, opening up the possibility for vulnerabilities (CVE-2019-12255, CVE-2019-12262 and CVE-2019-12264) to exist in a broader range of products.
A number of legacy European models may be vulnerable to this issue as they have been identified as using the affected IPnet TCP/IP stack:
Thank you very much for using Canon products.
An international team of security researchers has drawn our attention to a vulnerability related to communications via the Picture Transfer Protocol (PTP), which is used by Canon digital cameras, as well as a vulnerability related to firmware updates.
(CVE-ID:CVE-2019-5994, CVE-2019-5995, CVE-2019-5998, CVE-2019-5999, CVE-2019-6000, CVE-2019-6001)
Due to these vulnerabilities, the potential exists for third-party attack on the camera if the camera is connected to a PC or mobile device that has been hijacked through an unsecured network.
At this point, there have been no confirmed cases of these vulnerabilities being exploited to cause harm, but in order to ensure that our customers can use our products securely, we would like to inform you of the following workarounds for this issue.
There is an increase use of PCs and mobile devices in an unsecure (free Wi-Fi) network environment where customers are not aware of the network security. As it has become prevalent to transfer images from a camera to a mobile device via Wi-Fi connection, we will implement firmware updates for the following models that are equipped with the Wi-Fi function.
These vulnerabilities affect the following EOS-series digital SLR and mirrorless cameras:
EOS-1DC*1 *2 | EOS 6D Mark II | EOS 760D | EOS M6 Mark II | PowerShot SX740 HS |
EOS-1DX*1 *2 | EOS 7D Mark II*1 | EOS 800D | EOS M10 | |
EOS-1DX MK II*1 *2 | EOS 70D | EOS 1300D | EOS M50 | |
EOS 5D Mark III*1 | EOS 77D | EOS 2000D | EOS M100 | |
EOS 5D Mark IV | EOS 80D | EOS 4000D | EOS R | |
EOS 5DS*1 | EOS 200D | EOS M3 | EOS RP | |
EOS 5DS R*1 | EOS 250D | EOS M5 | PowerShot G5X Mark II | |
EOS 6D | EOS 750D | EOS M6 | PowerShot SX70 HS |
*1 If a WiFi adapter or a Wireless file transmitter is used, WiFi connection can be established.
*2 Ethernet connections are also affected by these vulnerabilities.
Firmware update information will be provided for each product in turn starting from products for which preparations have been completed.
Recently, researchers reported on vulnerabilities found in the communication protocols in the fax functions of certain products. (CVE-ID: CVE-2018-5924, CVE 2018-5925). For information regarding the impact of these vulnerabilities on Canon products equipped with fax functions, please see below:
Based on our review, as they do not employ the colour G3 Fax Protocol exploited by these vulnerabilities, the following products are unaffected: imageRUNNER/iR, imageRUNNER ADVANCE, LASER CLASS, imagePRESS, FAXPHONE, GP and imageCLASS/i-SENSYS series models equipped with fax functions.
MAXIFY and PIXMA series products equipped with fax functions do make use of the Colour G3 Fax Protocol. However, we have not identified any risk of malicious code being executed via the fax circuit or risk to the security of information saved on these devices.
We will continue to monitor this situation and take appropriate action necessary to help ensure the security of our devices.
Two variants of the vulnerabilities that use different techniques to exploit the speculative execution functions within the affected CPUs were identified and named. They are CVE-2017-5715, CVE-2017-5753: “Spectre” and CVE-2017-5754: “Meltdown”.
The following Canon external controller products may be impacted by the vulnerabilities. Though there is currently no known way to exploit these vulnerabilities, countermeasures are being prepared so that customers can continue to use our products without concern.
ColorPASS:
GX300 v2.0, GX300 v2.1, GX400 v1.0, GX500 v1.1
imagePASS:
U1 v1.1, U1 v1.1.1, U2 v1.0
Y1 v1.0, Y2 v1.0
imagePRESS-CR Server:
A7000 v2.1, A7000 v3.0, A7300 v1.0, A7500 v2.1, A8000 v1.1
imagePRESS Server:
A1200 v1.0, A1200 v1.1, A1300 v1.0, A2200 v1.0, A2200 v1.1, A2300 v1.0, A3200 v1.0, A3200 v1.1, A3300 v1.0
B4000 v1.0, B4100 v1.0, B5000 v1.0, B5100 v1.0
F200 v1.21, H300 v1.0
J100 v1.21, J200 v1.21
K100 v1.0, K200 v1.0
Q2 v2.0, Z1 v1.0
The following Canon service may be impacted by the vulnerabilities. Though there is currently no known way to exploit these vulnerabilities, countermeasures were put in place by end of February 2018.
MDS Cloud
All Canon laser multifunction printers and Canon laser printers and their related software products, except the above-mentioned, are not affected by these vulnerabilities through any known exploitation process. Customers can continue using our products reliably.
Canon is constantly working to ensure the highest level of security is reached in all our products and solutions. We take the security of our customer information seriously and its protection is our utmost priority.
Recently, a researcher made public a vulnerability known as KRACKs in the standard wireless LAN (Wi-Fi) encryption protocol WPA2. This vulnerability allows an attacker to intentionally intercept the wireless transmission between the client (terminal equipped with Wi-Fi functionality) and the access point (the router etc.) to perform potentially malicious activity. For that reason, this vulnerability cannot be exploited by anyone outside the range of the Wi-Fi signal or by anyone in a remote location using the internet as an intermediary.
We have yet to confirm that any issues have been encountered by users of Canon products as a result of this vulnerability, however, in order to allow customers to continue using our products with peace of mind, we recommend the following preventative measures:
•Use a USB cable or Ethernet cable to directly connect compatible devices to a network
•Encrypt data transmission from devices that enable encryption settings (TLS/IPSec)
•Use such physical media as SD cards with compatible devices
•Use such settings as Wireless Direct and Direct Connect with compatible devices
As the operation procedures and functions offered vary from device to device, please consult your device’s manual for more details. We also recommend you take appropriate measures for such devices as your PC or smartphone. For information on the appropriate measures for each device, please contact the device’s manufacturer.
Contact us for telephone or E-mail support
Register your product and manage your Canon ID account
Locate a repair centre and find other useful information regarding our repair process