"Canon Patches 7 Critical Vulnerabilities in Small Office Printers"

Japanese electronics maker Canon recently announced software updates that patch seven critical-severity vulnerabilities impacting several small office printer models. The issues, described as buffer overflow bugs, can be exploited over the network for remote code execution (RCE) or to cause the vulnerable product to become unresponsive. The flaws are tracked as CVE-2023-6229 through CVE-2023-6234 and CVE-2024-0244. According to Japan’s vulnerability information portal JVN, they have a CVSS score of 9.8. NIST advisories reveal that the flaws were identified in components such as the CPCA PDL resource download process, Address Book password process, WSD probe request process, Address Book username process, SLP attribute request process, CPCA Color LUT resource download process, and CPCA PCFAX number process.

The vulnerable printer models differ slightly based on region: i-SENSYS LBP673Cdw, MF752Cdw, MF754Cdw, C1333i, C1333iF, and C1333P series in Europe; imageCLASS MF753CDW, MF751CDW, MF1333C, LBP674CDW, and LBP1333C series in North America; and Satera LBP670C and MF750C series in Japan. For all models, however, Canon noted that the vulnerabilities impact firmware versions 03.07 and earlier.

Updates that address these bugs can be found on Canon’s regional websites. Canon did not discuss whether or not these vulnerabilities have been exploited.

 

SecurityWeek reports: "Canon Patches 7 Critical Vulnerabilities in Small Office Printers"

Submitted by Adam Ekwall on