Specific Ricoh MFP and Printer Products - Vulnerabilities in the PostScript
Ricoh has identified a reflected cross-site scripting (XSS) vulnerability via Web Image Monitor (CVE ID is pending).
This vulnerability could allow an arbitrary script to be executed remotely.
The risk from this vulnerability can be reduced by not connecting the product or service directly to the Internet and using it within a network protected by a firewall or broadband router, or by assigning it a private IP address so that it is inaccessible from the Internet.
Vulnerability Information ID: ricoh-2025-000001
Version: 1.01E
CVE ID(CWE ID)
CVSSv3 base score: 6.1 (MEDIUM)
To ensure stronger security, please follow the measures outlined below.
https://www.ricoh.com/security/products/setting
List 1 below shows the affected products and services.
List 1: Ricoh products and services affected by this vulnerability
Product/service | Link to details |
IM 350F/350/430F/430Fb | Affected. For details, please refer to the following URL. |
M C320FW/C320FSE | Affected. For details, please refer to the following URL. |
P C375 | Affected. For details, please refer to the following URL. |
IM 550F/600F/600SRF | Affected. For details, please refer to the following URL. |
SP 5300DN/5310DN | Affected. For details, please refer to the following URL. |
P 800/801 | Affected. For details, please refer to the following URL. |
IM 350F/350/430F/430Fb | Affected. For details, please refer to the following URL. |
P 501/502 | Affected. For details, please refer to the following URL. |
IM 2500/3000/3500/4000/5000/6000 | Affected. For details, please refer to the following URL. |
SP 8400DN | Affected. For details, please refer to the following URL. |
MP 402SPF | Affected. For details, please refer to the following URL. |
IM C400F/C400SRF/C300F/C300 | Affected. For details, please refer to the following URL. |
P C600 | Affected. For details, please refer to the following URL. |
IM 370/370F/460F/460FTL | Affected. For details, please refer to the following URL. |
IM 7000/8000/9000 | Affected. For details, please refer to the following URL. |
IM C3000/C3500 | Affected. For details, please refer to the following URL. |
IM C4500/C5500/C6000 | Affected. For details, please refer to the following URL. |
M C2001 | Affected. For details, please refer to the following URL. |
IM C2000/C2500 | Affected. For details, please refer to the following URL. |
IM C3010/C3510 | Affected. For details, please refer to the following URL. |
IM C4510/C5510/C6010 | Affected. For details, please refer to the following URL. |
IM C2010/C2510 | Affected. For details, please refer to the following URL. |
IM C7010 | Affected. For details, please refer to the following URL. |
IM CW2200 | Affected. For details, please refer to the following URL. |
IP CW2200 | Affected. For details, please refer to the following URL. |
SP C352DN | Affected. For details, please refer to the following URL. |
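
The following is an added example, not Ricoh code: it expands the List 1 rows into individual model names, matches them against a device inventory, and flags affected devices whose address is outside the private (RFC 1918) ranges recommended above. The inventory format, host addresses and function names are assumptions made for illustration.

```python
import ipaddress

# Product rows copied from List 1 of this advisory (the repeated row is listed once).
LIST1_ROWS = [
    "IM 350F/350/430F/430Fb", "M C320FW/C320FSE", "P C375", "IM 550F/600F/600SRF",
    "SP 5300DN/5310DN", "P 800/801", "P 501/502", "IM 2500/3000/3500/4000/5000/6000",
    "SP 8400DN", "MP 402SPF", "IM C400F/C400SRF/C300F/C300", "P C600",
    "IM 370/370F/460F/460FTL", "IM 7000/8000/9000", "IM C3000/C3500",
    "IM C4500/C5500/C6000", "M C2001", "IM C2000/C2500", "IM C3010/C3510",
    "IM C4510/C5510/C6010", "IM C2010/C2510", "IM C7010", "IM CW2200", "IP CW2200",
    "SP C352DN",
]
# RFC 1918 ranges: the "private IP address" case the advisory recommends.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def normalize(name):
    """Upper-case and collapse whitespace so 'im  430fb' matches 'IM 430Fb'."""
    return " ".join(name.upper().split())

def expand_row(row):
    """Expand 'IM 350F/350' into {'IM 350F', 'IM 350'} (series prefix + each model)."""
    prefix, _, models = row.rpartition(" ")
    return {normalize(f"{prefix} {m}") for m in models.split("/")}

AFFECTED = set().union(*(expand_row(r) for r in LIST1_ROWS))

def triage(inventory):
    """Return (model, ip, status) for every inventory entry whose model is in List 1."""
    findings = []
    for model, ip in inventory:
        if normalize(model) not in AFFECTED:
            continue
        addr = ipaddress.ip_address(ip)
        private = any(addr in net for net in RFC1918)
        status = "private address" if private else "not private: review exposure"
        findings.append((model, ip, status))
    return findings

# Constructed sample inventory (hypothetical hosts; 203.0.113.0/24 is a documentation range).
SAMPLE_INVENTORY = [
    ("IM C3000", "192.168.10.21"),
    ("SP 8400DN", "203.0.113.10"),
    ("im 430fb", "172.16.4.9"),
    ("EXAMPLE 9999", "10.0.0.5"),  # not in List 1, so it is skipped
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(finding)
```

A private address alone does not rule out exposure through port forwarding on the router, so entries marked "private address" still need the firewall check described above.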
Contact
Please contact your local Ricoh representative or dealer if you have any queries.
Acknowledgement:
Ricoh would like to thank Juan Pablo Gomez Postigo of Sprocket Security, Niels Eris of HackDefense, and Vincent Theriault of Precicom Technologies Inc. for reporting this vulnerability.
History:
2025-05-01T10:00:00+09:00 : 1.01E Updated List1
2025-04-30T10:00:00+09:00 : 1.00E Initial public release