Change Country/Area Global
Main content

IMPORTANT Notice on potential impact of "Apache ActiveMQ remote code execution vulnerability" (CVE-2023-46604) towards RICOH Interactive Whiteboard Controller Type 1.

Last updated: 06:00 am on December 25, 2023 (2023-12-25T15:00:00+09:00)
First published: 04:00 am on November 21, 2023 (2023-11-21T13:00:00+09:00)
Ricoh Company, Ltd.

Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.
Ricoh is aware of the reported "Apache ActiveMQ remote code execution vulnerability" (CVE-2023-46604) affects RICOH Interactive Whiteboard Controller Type 1.

 

Ricoh offers measures detailed below.

  • Advisory ID
    ricoh-prod000091-2023-000005
  • Version
    1.01E
  • CVE ID (CWE ID)
    CVE-2023-46604 ( CWE-502 )
  • CVSSv3 base score
    9.8CRITICAL

Potential impact

The products operating with Apache ActiveMQ are potentially threatened, which could allow a third party to remotely access the products and execute arbitrary commands.

Affected components and versions

Products or Services Components Versions
RICOH Interactive Whiteboard Controller Type 1 Firmware Less than Ver.2.12

You can check it by following the steps below.
1. Display the desktop. 
2. Touch [Settings] two times in quick succession.
3. Touch [Version Information]

Resolution

[Permanent resolution]
The firmware has been updated to Ver.2.12.10004.0 on 25th December, 2023. To solve this vulnerability, please take an action using one of the below methods.

 

[Update from Network]
Checks and updates the latest version of the system via a network.
About 5 minutes after Ricoh Interactive Whiteboard starts, the latest firmware is checked and downloaded.
The system is not updated immediately but at the next startup.
For the settings required for updating the system via a network, see "Changing the System Settings" of Ricoh Interactive Whiteboard Controller Type 1 Operating Instructions(Controller Features)

 

[Update from USB Memory device]
Downloads the latest firmware from Ricoh website and save it to a USB flash memory device to update.
For the settings required for updating the system using a USB flash memory device, see "Updating the System Using a USB Flash Memory Device" of Ricoh Interactive Whiteboard Controller Type 1 Operating Instructions(Controller Features)

Contact:

Please contact your local Ricoh representative or dealer if you have any queries.

History :
2023-12-25T15:00:00+09:00 : 1.01E Released permanent measures.
2023-11-21T13:00:00+09:00 : 1.00E Initial public release

The distribution URL of this page:
https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000091-2023-000005 Please note that any copy or paraphrase of the text of this document that differs in content from the distribution URL link, or omits the URL, is an uncontrolled copy and may lack important information or contain factual errors.