Multiple vulnerabilities in Canon Europe Office/Small Office Multifunction Printers, Laser Printers and Inkjet Printers



Risk: High
Patch available: YES
Number of vulnerabilities: 11
CVE-ID: CVE-2023-0851, CVE-2023-0854, CVE-2023-0852, CVE-2023-0853, CVE-2023-0855, CVE-2023-0856, CVE-2022-43974, CVE-2022-43608, CVE-2023-0857, CVE-2023-0858, CVE-2023-0859
CWE-ID: CWE-122, CWE-121, CWE-190, CWE-286, CWE-284, CWE-20
Exploitation vector: Network
Public exploit: N/A
Vulnerable software (category for all products: Hardware solutions / Office equipment, IP-phones, print servers)

i-SENSYS X C1127P
i-SENSYS C1127iF
i-SENSYS X C1127i
i-SENSYS MF746Cx
i-SENSYS MF744CDW
i-SENSYS MF742CDW
i-SENSYS MF645Cx
i-SENSYS MF643CDW
i-SENSYS MF641Cw
i-SENSYS LBP664Cx
i-SENSYS LBP633Cdw
i-SENSYS LBP623Cdw
i-SENSYS LBP621Cw
PIXMA G4570
PIXMA G3572 PIXMA G4470
PIXMA G3571
PIXMA G3570
PIXMA G3470 WH
PIXMA G3470 RED
PIXMA G3470 BK
PIXMA G3430
MAXIFY GX4050
MAXIFY GX4040
MAXIFY GX3050
MAXIFY GX3040
imagePROGRAF TC-20M
imagePROGRAF TC-20

Vendor: Canon Europe

Security Bulletin

This security bulletin contains information about 11 vulnerabilities.

1) Heap-based buffer overflow

EUVDB-ID: #VU76467

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0851

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

i-SENSYS X C1127P: All versions

i-SENSYS C1127iF: All versions

i-SENSYS X C1127i: All versions

i-SENSYS MF746Cx: All versions

i-SENSYS MF744CDW: All versions

i-SENSYS MF742CDW: All versions

i-SENSYS MF645Cx: All versions

i-SENSYS MF643CDW: All versions

i-SENSYS MF641Cw: All versions

i-SENSYS LBP664Cx: All versions

i-SENSYS LBP633Cdw: All versions

i-SENSYS LBP623Cdw: All versions

i-SENSYS LBP621Cw: All versions

External links

http://psirt.canon/advisory-information/cp2023-001/
http://www.canon-europe.com/support/product-security-latest-news/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Heap-based buffer overflow

EUVDB-ID: #VU76468

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0854

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

i-SENSYS X C1127P: All versions

i-SENSYS C1127iF: All versions

i-SENSYS X C1127i: All versions

i-SENSYS MF746Cx: All versions

i-SENSYS MF744CDW: All versions

i-SENSYS MF742CDW: All versions

i-SENSYS MF645Cx: All versions

i-SENSYS MF643CDW: All versions

i-SENSYS MF641Cw: All versions

i-SENSYS LBP664Cx: All versions

i-SENSYS LBP633Cdw: All versions

i-SENSYS LBP623Cdw: All versions

i-SENSYS LBP621Cw: All versions

External links

http://psirt.canon/advisory-information/cp2023-001/
http://www.canon-europe.com/support/product-security-latest-news/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Stack-based buffer overflow

EUVDB-ID: #VU76469

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0852

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

i-SENSYS X C1127P: All versions

i-SENSYS C1127iF: All versions

i-SENSYS X C1127i: All versions

i-SENSYS MF746Cx: All versions

i-SENSYS MF744CDW: All versions

i-SENSYS MF742CDW: All versions

i-SENSYS MF645Cx: All versions

i-SENSYS MF643CDW: All versions

i-SENSYS MF641Cw: All versions

i-SENSYS LBP664Cx: All versions

i-SENSYS LBP633Cdw: All versions

i-SENSYS LBP623Cdw: All versions

i-SENSYS LBP621Cw: All versions

External links

http://psirt.canon/advisory-information/cp2023-001/
http://www.canon-europe.com/support/product-security-latest-news/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Stack-based buffer overflow

EUVDB-ID: #VU76470

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0853

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

i-SENSYS X C1127P: All versions

i-SENSYS C1127iF: All versions

i-SENSYS X C1127i: All versions

i-SENSYS MF746Cx: All versions

i-SENSYS MF744CDW: All versions

i-SENSYS MF742CDW: All versions

i-SENSYS MF645Cx: All versions

i-SENSYS MF643CDW: All versions

i-SENSYS MF641Cw: All versions

i-SENSYS LBP664Cx: All versions

i-SENSYS LBP633Cdw: All versions

i-SENSYS LBP623Cdw: All versions

i-SENSYS LBP621Cw: All versions

External links

http://psirt.canon/advisory-information/cp2023-001/
http://www.canon-europe.com/support/product-security-latest-news/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Stack-based buffer overflow

EUVDB-ID: #VU76471

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0855

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

i-SENSYS X C1127P: All versions

i-SENSYS C1127iF: All versions

i-SENSYS X C1127i: All versions

i-SENSYS MF746Cx: All versions

i-SENSYS MF744CDW: All versions

i-SENSYS MF742CDW: All versions

i-SENSYS MF645Cx: All versions

i-SENSYS MF643CDW: All versions

i-SENSYS MF641Cw: All versions

i-SENSYS LBP664Cx: All versions

i-SENSYS LBP633Cdw: All versions

i-SENSYS LBP623Cdw: All versions

i-SENSYS LBP621Cw: All versions

External links

http://psirt.canon/advisory-information/cp2023-001/
http://www.canon-europe.com/support/product-security-latest-news/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Stack-based buffer overflow

EUVDB-ID: #VU76472

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0856

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

i-SENSYS X C1127P: All versions

i-SENSYS C1127iF: All versions

i-SENSYS X C1127i: All versions

i-SENSYS MF746Cx: All versions

i-SENSYS MF744CDW: All versions

i-SENSYS MF742CDW: All versions

i-SENSYS MF645Cx: All versions

i-SENSYS MF643CDW: All versions

i-SENSYS MF641Cw: All versions

i-SENSYS LBP664Cx: All versions

i-SENSYS LBP633Cdw: All versions

i-SENSYS LBP623Cdw: All versions

i-SENSYS LBP621Cw: All versions

External links

http://psirt.canon/advisory-information/cp2023-001/
http://www.canon-europe.com/support/product-security-latest-news/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Integer overflow

EUVDB-ID: #VU76473

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43974

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

PIXMA G4570: All versions

PIXMA G3572 PIXMA G4470: All versions

PIXMA G3571: All versions

PIXMA G3570: All versions

PIXMA G3470 WH: All versions

PIXMA G3470 RED: All versions

PIXMA G3470 BK: All versions

PIXMA G3430: All versions

MAXIFY GX4050: All versions

MAXIFY GX4040: All versions

MAXIFY GX3050: All versions

MAXIFY GX3040: All versions

imagePROGRAF TC-20M: All versions

imagePROGRAF TC-20: All versions

External links

http://jvn.jp/en/vu/JVNVU94777298/index.html
http://psirt.canon/advisory-information/cp2023-001/
http://www.canon-europe.com/support/product-security-latest-news/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Integer overflow

EUVDB-ID: #VU76475

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-43608

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow. A remote attacker on the local network can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

i-SENSYS X C1127P: All versions

i-SENSYS C1127iF: All versions

i-SENSYS X C1127i: All versions

i-SENSYS MF746Cx: All versions

i-SENSYS MF744CDW: All versions

i-SENSYS MF742CDW: All versions

i-SENSYS MF645Cx: All versions

i-SENSYS MF643CDW: All versions

i-SENSYS MF641Cw: All versions

i-SENSYS LBP664Cx: All versions

i-SENSYS LBP633Cdw: All versions

i-SENSYS LBP623Cdw: All versions

i-SENSYS LBP621Cw: All versions

External links

http://psirt.canon/advisory-information/cp2023-001/
http://www.canon-europe.com/support/product-security-latest-news/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Incorrect User Management

EUVDB-ID: #VU76476

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0857

CWE-ID: CWE-286 - Incorrect User Management

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to incorrect user management. A remote attacker can change the product's settings or gain unauthorized access to the product.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

i-SENSYS X C1127P: All versions

i-SENSYS C1127iF: All versions

i-SENSYS X C1127i: All versions

i-SENSYS MF746Cx: All versions

i-SENSYS MF744CDW: All versions

i-SENSYS MF742CDW: All versions

i-SENSYS MF645Cx: All versions

i-SENSYS MF643CDW: All versions

i-SENSYS MF641Cw: All versions

i-SENSYS LBP664Cx: All versions

i-SENSYS LBP633Cdw: All versions

i-SENSYS LBP623Cdw: All versions

i-SENSYS LBP621Cw: All versions

External links

http://psirt.canon/advisory-information/cp2023-001/
http://www.canon-europe.com/support/product-security-latest-news/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper access control

EUVDB-ID: #VU76478

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0858

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the product.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

i-SENSYS X C1127P: All versions

i-SENSYS C1127iF: All versions

i-SENSYS X C1127i: All versions

i-SENSYS MF746Cx: All versions

i-SENSYS MF744CDW: All versions

i-SENSYS MF742CDW: All versions

i-SENSYS MF645Cx: All versions

i-SENSYS MF643CDW: All versions

i-SENSYS MF641Cw: All versions

i-SENSYS LBP664Cx: All versions

i-SENSYS LBP633Cdw: All versions

i-SENSYS LBP623Cdw: All versions

i-SENSYS LBP621Cw: All versions

External links

http://psirt.canon/advisory-information/cp2023-001/
http://www.canon-europe.com/support/product-security-latest-news/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Input validation error

EUVDB-ID: #VU76480

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0859

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to compromise the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote administrator can pass specially crafted input to the application and install an arbitrary file on the product.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

i-SENSYS X C1127P: All versions

i-SENSYS C1127iF: All versions

i-SENSYS X C1127i: All versions

i-SENSYS MF746Cx: All versions

i-SENSYS MF744CDW: All versions

i-SENSYS MF742CDW: All versions

i-SENSYS MF645Cx: All versions

i-SENSYS MF643CDW: All versions

i-SENSYS MF641Cw: All versions

i-SENSYS LBP664Cx: All versions

i-SENSYS LBP633Cdw: All versions

i-SENSYS LBP623Cdw: All versions

i-SENSYS LBP621Cw: All versions

External links

http://psirt.canon/advisory-information/cp2023-001/
http://www.canon-europe.com/support/product-security-latest-news/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


