Alerts & Security Vulnerability Announcements

First published: October 31, 2024

Ricoh is aware of a buffer overflow vulnerability when using the Web Image Monitor that could potentially allow a denial of service (DoS) or remote code execution attack.

Ricoh understands the importance of security and is committed to securing its products and services for customers worldwide, and has taken the necessary actions to address this vulnerability.

Recommended User Action

Please visit https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000011 for a full list of the affected products.

If your Ricoh device is included, please click the link listed for your device to access its support page and download and install the latest firmware for your device.

For questions related to this advisory, please contact your local Ricoh representative or dealer.

Published: August 6, 2024

Ricoh has identified a vulnerability in Java VM Platform that would automatically enable outdated TLS versions (TLS 1.0 and TLS 1.1) when a firmware update is performed by Ricoh’s firmware update tool.

Ricoh understands the importance of security and is committed to securing its products and services for customers worldwide.

Ricoh has taken steps to address this vulnerability. Please visit the hyperlinks for the affected products listed below for detailed information, including countermeasures to ensure the continued security of your Ricoh product.

For questions related to this advisory, please contact your local Ricoh representative or dealer.

Published: July 29, 2024

Ricoh is aware of a reported heap buffer overflow vulnerability in WebRTC affecting certain products and services that Ricoh develops, manufactures, and offers.

Heap buffer overflow can allow a remote attacker to perform an out of bounds memory write via a crafted HTML page. Please make sure not to use the affected RICOH products or services to view any untrusted sources (URLs or files).

Ricoh understands the importance of security and is committed to securing its products and services for customers worldwide and has taken steps to address this vulnerability.

Please visit the hyperlinks for each product/service listed below for further details and recommended measures to ensure the continued security of your Ricoh product.

For questions related to this advisory, please contact your local Ricoh representative or dealer.

Published: July 9, 2024

Ricoh is aware of a buffer overflow vulnerability creating the possibility of a denial of services (DoS) attack or partial data destruction caused by a remote attacker. No arbitrary code can be executed.

Ricoh understands the importance of security and is committed to securing its products and services for customers worldwide, and has taken steps to address this vulnerability in the products listed below.

Please visit the hyperlinks for each product for further details and recommended measures to update your firmware to ensure the continued security of your Ricoh product.

For questions related to this advisory, please contact your local Ricoh representative or dealer.

First published: June 18, 2024

Ricoh is aware of several vulnerabilities affecting the PC Client of Streamline NX V3 listed here.

Ricoh understands the importance of security and is committed to securing its products and services for customers worldwide.

Ricoh has taken steps to address these vulnerabilities. Please visit the hyperlinks for each vulnerability below with further details and recommended measures to update your version of Streamline NX and ensure its continued security.

For questions related to this advisory, please contact your local Ricoh representative or dealer.

Several CVEs listed below have been issued affecting the identified devices.

First published: April 19, 2024

Ricoh is aware of the following vulnerabilities affecting the RICOH M C240FW, RICOH P C200W, and RICOH M C550SRF that could potentially be leveraged by an attacker to remotely execute arbitrary code.

Ricoh has already taken steps to address the vulnerabilities for the affected devices listed here.

Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for customers around the world.

Vulnerabilities

CVE-2023-50733: Server-Side Request Forgery (SSRF) vulnerability in the Web Services feature that can be leveraged by an attacker to execute arbitrary code.

CVE-2023-50738: Firmware downgrade prevention vulnerability that can be leveraged by an attacker to execute arbitrary code.

CVE-2023-50739: Buffer overflow vulnerability in the Internet Printing Protocol (IPP) that can be leveraged by an attacker to execute arbitrary code.

Resolution

Ricoh has issued updated firmware for the affected models to ensure security. The updated firmware supersedes any previously recommended workarounds and addresses all vulnerabilities.

For the RICOH M C240FW and RICOH P C200W, please visit the following links to download the latest firmware and follow the steps to install.

RICOH M 240FW: https://support.ricoh.com/bb/html/dr_ut_e/rc3/model/mc240fw/mc240fw.htm

RICOH P C200W: https://support.ricoh.com/bb/html/dr_ut_e/rc3/model/pc200w/pc200w.htm

For the RICOH M C550SRF, please contact Ricoh at 1-800-637-4264, and choose option 3 or 4, to schedule a service appointment to install the latest firmware to your device.

First published: February 5, 2024

Ricoh has identified vulnerabilities in the PostScript interpreter (CVE-2023-50734, CVE-2023-50735, CVE-2023- 50736) and an input validation vulnerability in the SE Menu (CVE-2023-50737) towards certain Ricoh products.

Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for customers around the world.

Vulnerabilities

CVE-2023-50734: Buffer overflow vulnerability in PostScript interpreter that can be leveraged by an attacker to execute arbitrary code.

CVE-2023-50735: Heap corruption vulnerability in PostScript interpreter that can be leveraged by an attacker to execute arbitrary code.

CVE-2023-50736: Memory corruption vulnerability in PostScript interpreter that can be leveraged by an attacker to execute arbitrary code.

CVE-2023-50737: Vulnerability in one of the SE menu routines can be leveraged by an attacker to execute arbitrary code.

Affected products

RICOH M C240FW, RICOH P C200W, and RICOH M C550SRF

Resolution

Ricoh has issued updated firmware to ensure the security of the affected products.

For the RICOH M C240FW and RICOH P C200W, please visit the following webpages for further details, and how to download and install the latest firmware:

RICOH M C240FW:https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000067-2024-000001

RICOH P C200W: https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000065-2024-000001

For the RICOH M C550SRF, please contact Ricoh at 1-800-637-4264, and choose option 3 or 4 to schedule a service appointment to install the latest firmware to your device.

Dec. 11, 2023: DocuWare has notified Ricoh of a potential phishing attempt. Two domain names that include DocuWare were recently registered and feature a “0” in place of an “o”. They are:

1. docuware-notificati0n.com

2. docuware-notificati0n.net  

DocuWare and Ricoh have taken measures to block all such domains and we strongly recommend DocuWare users do the same.  We encourage all users to exercise vigilance about checking the domain name from which emails are received. Always remember to check the spelling to be sure the email is from a trusted DocuWare domain.

Should you have additional questions, please visit https://support.docuware.com/ .

First published: November 20, 2023

Ricoh understands the importance of security and is committed to securing its products and services for customers worldwide.

Ricoh is aware of the reported "Apache ActiveMQ remote code execution vulnerability" (CVE-2023-46604) affecting certain products and services that Ricoh develops, manufactures, and offers.

The list below indicates the affected products and services. Please visit the corresponding links for measures to ensure proper security.

Ricoh products and services affected by this vulnerability

RICOH Interactive Whiteboard D5500: Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000088-2023-000005

RICOH Interactive Whiteboard D5510: Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000089-2023-000005

RICOH Interactive Whiteboard D2200: Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000090-2023-000005

RICOH Interactive Whiteboard Controller Type 1: Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000091-2023-000005

RICOH Interactive Whiteboard Controller Type 2: Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000092-2023-000005

RICOH Interactive Whiteboard Controller Type 3: Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000093-2023-000005

RICOH Interactive Whiteboard Lt: Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000094-2023-000005

RICOH Interactive Whiteboard Lt for Open Controller: Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000095-2023-000005

Ricoh understands the importance of security and is committed to securing its products and services for customers worldwide.

Ricoh is aware of the reported CVE-2023-5127 ( CWE-787 ) and has begun its investigation to determine whether and how it impacts Ricoh’s products and services.

Click here for more information.

Ricoh understands the importance of security and is committed to securing its products and services for customers worldwide.

Ricoh is aware of the reported CVE-2023-4863 ( CWE-787 ) and has begun its investigation to determine whether and how it impacts Ricoh’s products and services. Click here for more information.

First published: September 29, 2023

Issue: Ricoh is aware of the reported “Vulnerability of SLP implementation that allows reflected DoS attacks via UDP” that affects certain products and services Ricoh develops, manufactures, and offers.

Impacted products/services: RICOH Streamline NX

Components: PC Client

Versions: V3.0 – V3.7.0

Resolution: For more information on this vulnerability and the necessary measures to ensure the security of our software, please visit: https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2023-000025.

Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.

Several CVEs listed below have been issued affecting the identified devices.

April 4, 2023

Ricoh is aware of the following vulnerabilities affecting the RICOH M C240FW, RICOH P C200W, and RICOH M C550SRF that could potentially be leveraged by an attacker to remotely execute arbitrary code or escalate privileges on a device already compromised by an attacker.

Ricoh has already taken steps to address the vulnerabilities for the affected devices listed here.

Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for customers around the world.

CVE-2023-23560 – Server-Side Request Forgery: Vulnerability that can be leveraged to remotely execute arbitrary code.

CVE-2023-26063 – Postscript Buffer Overflow: A type confusion vulnerability that can be leveraged to remotely execute arbitrary code.

CVE-2023-26064 – Postscript Buffer Overflow: An out of bounds write vulnerability that can be leveraged to remotely execute arbitrary code.

CVE-2023-26065 – Postscript Buffer Overflow: An integer overflow vulnerability that can be leveraged to remotely execute arbitrary code.

CVE-2023-26066 – Postscript Buffer Overflow: An improper stack validation vulnerability that can be leveraged to remotely execute arbitrary code.

CVE-2023-26067 – Input Validation: An input validation vulnerability that can be leveraged on an already compromised device to escalate privileges. Can only be exploited on a device that has already been compromised by other means.

CVE-2023-26068 – Embedded Web Server: An embedded web server input sanitization vulnerability that can be leveraged to remotely execute arbitrary code.

CVE-2023-26069 – Web API: A web API input validation vulnerability that can be leveraged to remotely execute arbitrary code.

Resolution: Ricoh has issued updated firmware for the affected models to ensure security. The updated firmware supersedes any previously recommended workarounds and addresses all vulnerabilities.

For the RICOH M C240FW and RICOH P C200W, please visit the following links to download the latest firmware and follow the steps to install.

RICOH M C240FW: http://support.ricoh.com/bb/html/dr_ut_e/rc3/model/mc240fw/mc240fw.htm

RICOH P C200W: http://support.ricoh.com/bb/html/dr_ut_e/rc3/model/pc200w/pc200w.htm

For the RICOH M C550SRF, please contact Ricoh at 1-800-637-4264, option 3 or 4, to schedule a service appointment to install the latest firmware to your device.

A Server-Side Request Forgery (SSRF) vulnerability exists in some Ricoh devices.

February 21, 2023

Ricoh is aware of CVE-2023-23560, a Server-Side Request Forgery (SSRF) vulnerability that could potentially be leveraged by an attacker to remotely execute arbitrary code on an affected device.

Ricoh has already taken steps to address the vulnerability of impacted devices, listed here.

Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for customers around the world.

Ricoh encourages all customers who use the RICOH M C240FW and RICOH P C200W to visit this webpage and follow the workaround steps outlined for each model to ensure security.

For customers who use the RICOH M C550SRF, please disable the Web-Services service on the printer (TCP port 65002), which blocks the ability to exploit this vulnerability, by performing the following steps: Go to “Settings” > ”Network/Ports” > “TCP/IP” > “TCP/IP Port Access” and uncheck "TCP 65002 (WSD Print Service)” and save.

Ricoh is quickly working on updated firmware for each model, and more information will be provided as soon as it is made available.

First published:  December 28, 2022

Ricoh is aware of CVE-2022-43969, which is in the process of being published. This vulnerability could potentially allow certain usernames and passwords to be leaked via Web Image Monitor and could impact devices using a Ricoh controller.

Ricoh has already developed patches for many impacted devices, listed here. Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for customers around the world.

We encourage all Ricoh customers who use models listed on this webpage to reset your administrative password to reduce potential risk. We are working rapidly to develop all required patches and as they become available, more information will be provided on that webpage

First published: July 8, 2022

On Friday, July 8, 2022, telecommunications giant Rogers experienced a nationwide outage that continues to impact wireless, cable, internet and data centre customers.  At Ricoh Canada, this is impacting network access for some of our teammates as well as our RCloud customers. While we continue to monitor the situation closely, we’ve enacted our BCP and are available to support our customers. For service calls, please email us at servicecall@ricoh.ca. For general enquiries we can be reached via our website at ricoh.ca, or by email at ricohcanada@ricoh.ca

First published: April 6, 2022

Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for customers around the world.

Ricoh is aware of these vulnerabilities disclosed by VMware:

• CVE-2022-22963, a remote code execution in Spring Cloud Function by malicious Spring Expression

• Spring4Shell (CVE-2022-22965), a remote code execution in Spring Framework via Data Binding on Java Development Kit (JDK) version 9 or later

We are working with our security experts to address this as a high-priority issue and are now investigating which products or services may be affected. We will publish an advisory for the affected models. As of April 6, 2022, we have confirmed that these vulnerabilities do not affect the following main Ricoh products and services:

• Ricoh Smart Integration (RSI) Platform and its applications

• RICOH Streamline NX V2, V3

• Multifunction Printers

As more information becomes available, we will update this web page.

Ricoh is aware of the registration of CVE-2021-33945, a vulnerability that could potentially allow denial-of-service (DoS) attacks by causing certain MFPs/printers to consume large amounts of memory. This vulnerability is due to module behavior, and Ricoh products that use this module are listed here as affected products.

Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for customers around the world.

Ricoh will release firmware updates here as they become available.

When using products impacted by this security issue, Ricoh strongly advises that customers use SSID (Service Set Identifier) and a password, and avoid using a WPS (Wi-Fi® Protected Setup) connection when establishing a wireless connection. Please refer to the following steps:

Last updated: January 5, 2022

First published: December 15, 2021

Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.

Ricoh is aware of the reported Apache Log4j 2 remote code execution vulnerabilities Apache Log4j is an open-source logging JAVA-based library offered by Apache Software Foundation. Ricoh is currently investigating if any Ricoh products and services may be potentially impacted by these vulnerabilities, including:

• CVE-2021-44228

• CVE 2021-45046

• CVE-2021-45105

• CVE-2021-4104

• CVE-2021-44832

Servers operating with Apache Log4j are potentially threatened, allowing a third party to remotely access the server and execute remote code by sending modified data to exploit this vulnerability.

Ricoh confirmed the following products and services that it develops, manufactures, and offers are not impacted by the CVE-2021-44228 vulnerability. Ricoh products and services not listed are under ongoing investigation.

Production Printers were listed as not being impacted as of December 16, however, investigation is ongoing. Updates will be provided as they are available.

For products and solutions from vendors other than Ricoh, we recommend customers to confirm latest information directly with relevant vendors.

Ricoh is committed to supporting customers across the globe, enabling them to operate Ricoh products equipped with the latest security settings. Additional updates on impacted Ricoh products and services and related countermeasures will be provided promptly on this page as they become available.

List 1: Ricoh products, software services not affected by this vulnerability