A Server-Side Request Forgery vulnerability
First published: 04:00 pm on February 21, 2023 (2023-02-21T14:00:00+09:00)
Ricoh Company, Ltd.
Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.
Ricoh has identified a Server-Side Request Forgery (SSRF) vulnerability(CVE-2023-23560) in some of our devices listed below.
SSRF can occur because of a lack of input validation.
Successful exploitation of this vulnerability can lead to an attacker being able to remotely execute arbitrary code on a device. Please refer to the following URL for further details:
https://nvd.nist.gov/vuln/detail/CVE-2023-23560
| Vulnerability Information ID | ricoh-2023-000002 |
| Version | 1.00E |
| CVE ID(CWE ID) | CVE-2023-23560 (CWE-918) |
| CVSSv3 score | 9.0 High |
List 1: Ricoh products affected by this vulnerability
| Product/service | Link to details |
| M C240FW | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000067-2023-000002 |
| P C200W | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000065-2023-000002 |
Contact
Please contact your local Ricoh representative or dealer if you have any queries.
History:
2023-02-21T14:00:00+09:00 : 1.00E Initial public release
News
Keep up to date
- 18Jul
Ricoh recognised as a CDP Supplier Engagement Leader for the fifth consecutive year
- 07Jul
Ricoh named in TIME World's Most Sustainable Companies of 2025
- 30Jun
Ricoh IM C Series Wins "Best Print Productivity, A3 MFPs" at 'DataMaster' Digital Imaging Awards 2025
- 24Jun
Ricoh Asia Pacific Launches High-Print-Volume A3 Colour Multifunction Printers