Notice on potential impact of "a threat of leakage of the folder user password" vulnerability (CVE-2022-43969) towards IM C3000/C3500/C4500

: Last updated: 08:00 am on January 24, 2023 (2023-01-24T17:00:00+09:00); First published: 08:00 am on December 26, 2022 (2022-12-26T17:00:00+09:00); Ricoh Company, Ltd.

Ricoh understands this threat. For customers using these products, please take the following actions to ensure stronger security.

Advisory ID

ricoh-prod000005-2022-000002
Version

1.01E
CVE ID (CWE ID)

CVE-2022-43969 ( CWE-255 )
CVSSv3 base score

9.1CRITICAL

Potential impact

The user password for the folder may be leaked on scanner or FAX-installed models.

Affected components and versions

Products or Services	Components	Versions
IM C3000/C3500/C4500	Firmware	Web Support 6.03 or earlier

How to view the firmware version:
1. Access Web Image Monitor from your browser.
https://"IP address or hostname of the device"
2. Log in with Administrator privileges.
3. Navigate to Device Management > Configuration > Device Settings > Firmware Update

Resolution

Update firmware.
To obtain the updated firmware, please contact your local Ricoh representative.

Contact:

Please contact your local Ricoh representative or dealer if you have any queries.

History :
2023-01-24T17:00:00+09:00 : 1.01E Updated Resolution/workaround section
2022-12-26T17:00:00+09:00 : 1.00E Initial public release

The distribution URL of this page:
https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000005-2022-000002 Please note that any copy or paraphrase of the text of this document that differs in content from the distribution URL link, or omits the URL, is an uncontrolled copy and may lack important information or contain factual errors.