SecurityWeek

Canon Patches 7 Critical Vulnerabilities in Small Office Printers

Canon announces patches for seven critical-severity remote code execution flaws impacting small office printer models.

Japanese electronics maker Canon on Monday announced software updates that patch seven critical-severity vulnerabilities impacting several small office printer models.

The issues, described as buffer overflow bugs, can be exploited over the network for remote code execution (RCE) or to cause the vulnerable product to become unresponsive.

“These vulnerabilities indicate the possibility that, if a product is connected directly to the Internet without using a router (wired or Wi-Fi), an unauthenticated remote attacker may be able to execute arbitrary code and/or may be able to target the product in a denial-of-service (DoS) attack via the internet,” Canon notes.

The flaws are tracked as CVE-2023-6229 through CVE-2023-6234 and CVE-2024-0244. According to Japan’s vulnerability information portal JVN, they have a CVSS score of 9.8.

NIST advisories reveal that the flaws were identified in components such as the CPCA PDL resource download process, Address Book password process, WSD probe request process, Address Book username process, SLP attribute request process, CPCA Color LUT resource download process, and CPCA PCFAX number process.

The vulnerable printer models differ slightly based on region: i-SENSYS LBP673Cdw, MF752Cdw, MF754Cdw, C1333i, C1333iF, and C1333P series in Europe; imageCLASS MF753CDW, MF751CDW, MF1333C, LBP674CDW, and LBP1333C series in North America; and Satera LBP670C and MF750C series in Japan.

For all models, however, the vulnerabilities impact firmware versions 03.07 and earlier. Updates that address these bugs can be found on Canon’s regional websites.

“There have been no reports of these vulnerabilities being exploited. However, to enhance the security of the product, we advise that our customers install the latest firmware available for the affected models,” Canon says on its European support site.

Given that the vulnerabilities described above can be exploited remotely, customers are also advised to restrict access to the printers, hiding them behind a firewall or a router, and setting a private IP address for them.
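As an added illustration (not code from Canon or SecurityWeek), the Python sketch below triages a printer inventory against the model series, the 03.07 firmware threshold and the private-IP advice given above. The CSV columns, host names and the dotted numeric firmware format are assumptions, and the sample rows are constructed.

```python
import csv
import io
import ipaddress

# Model series named in the article (Europe, North America, Japan), upper-cased.
AFFECTED = ["LBP673CDW", "MF752CDW", "MF754CDW", "C1333I", "C1333IF", "C1333P",
            "MF753CDW", "MF751CDW", "MF1333C", "LBP674CDW", "LBP1333C",
            "LBP670C", "MF750C"]
LAST_VULNERABLE = (3, 7)  # firmware 03.07 and earlier is affected
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inventory; column names and every value are hypothetical.
SAMPLE = """host,model,firmware,ip
prn-eu-01,Canon i-SENSYS MF754Cdw,03.07,192.168.10.20
prn-na-02,Canon imageCLASS LBP674CDW,03.05,203.0.113.10
prn-jp-03,Canon Satera MF750C,03.08,10.1.2.3
prn-hq-04,Other Vendor X100,01.00,203.0.113.11
"""


def parse_version(text):
    """Turn '03.07' into (3, 7) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.strip().split("."))


def on_private_ip(ip):
    """True only for RFC 1918 space, the 'private IP address' the advice refers to."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def triage(inventory_csv):
    """Return [(host, [findings])] for affected models that still need action."""
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        model = row["model"].upper()
        if not any(name in model for name in AFFECTED):
            continue  # not one of the series listed in the article
        findings = []
        if parse_version(row["firmware"]) <= LAST_VULNERABLE:
            findings.append("update firmware")
        if not on_private_ip(row["ip"]):
            findings.append("not on a private IP")
        if findings:
            results.append((row["host"], findings))
    return results


if __name__ == "__main__":
    for host, findings in triage(SAMPLE):
        print(host, "->", ", ".join(findings))
```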

Canon notes that all seven security defects were reported through Trend Micro’s Zero Day Initiative (ZDI).

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
