Canon Patches Seven Critical Flaws in Small Office Printers

 

Canon, a Japanese electronics company, released software patches on Monday that address seven major vulnerabilities impacting numerous small office printer models. 

The issues are buffer overflow flaws that can be exploited to execute code remotely over a network or to render a vulnerable product inoperable.

"These vulnerabilities point to the possibility that an unauthorised remote attacker could be able to execute arbitrary code and/or use the product as a target for a denial-of-service (DoS) attack over the Internet if a product is connected directly to the Internet without using a router (wired or Wi-Fi)," according to Canon. 

The vulnerabilities are tracked as CVE-2023-6229, CVE-2023-6234, and CVE-2024-0244. They have a CVSS score of 9.8, according to Japan's vulnerability information portal JVN.

According to NIST advisories, flaws were identified in a number of components, including the processes for downloading CPCA PDL resources, Address Book passwords, WSD probe requests, Address Book usernames, SLP attribute requests, CPCA Colour LUT resource downloads, and CPCA PCFAX number processes. 

The affected printers are the imageCLASS MF753CDW, MF751CDW, MF1333C, LBP674CDW, and LBP1333C series in North America; the Satera LBP670C and MF750C series in Japan; and the i-SENSYS LBP673Cdw, MF752Cdw, MF754Cdw, C1333i, C1333iF, and C1333P series in Europe.

For all models, the vulnerabilities affect firmware versions 03.07 and earlier. Canon's regional websites have updates that fix these issues.

"No reports of these vulnerabilities being used have surfaced. However, we advise our clients to install the latest firmware available for the concerned models in order to improve the product's security," Canon states on its European support website.

Because the vulnerabilities mentioned above can be exploited remotely, customers should additionally limit access to the printers by placing them behind a router or firewall and assigning them a private IP address.

Canon reports that all seven security flaws were disclosed through Trend Micro's Zero Day Initiative (ZDI).

XSS Bugs in Canon's Vitrea View Tool Can Expose Patient Data


XSS Bugs in Canon's Vitrea View

In a penetration test, Trustwave SpiderLabs' experts found two reflected cross-site scripting (XSS) flaws, together tracked as CVE-2022-3746, in third-party software for Canon Medical's Vitrea View. The Vitrea View feature lets you view and safely share medical images via the DICOM standard.

"Canon Medical released a patch for these issues in version 7.7.6. We recommend all customers on version 7.x to update to the latest release. We always appreciate vendors like Canon Medical that approach the disclosure process with transparency and in the interest of the security of their products and users."

A threat actor can exploit the bugs to access or change patient details (i.e. stored scans and images) and gain extra access to some features related to Vitrea View.

The first problem is an unauthenticated reflected XSS in an error message at /vitrea-view/error/, which reflects all input following the /error/ subdirectory back to the user, with minor limitations.

How does the bug work?

The researchers observed that space characters and single and double quotes can alter the reflection. Using Base64 encoding and backticks (`) makes it possible to get around these restrictions and to import remote scripts.

The second problem is another reflected XSS, this one within the Vitrea View administrative panel. A threat actor can reach the panel by luring a victim into clicking a specially crafted link.

The researchers found that the 'limit', 'offset', and 'group' search parameters on the 'Group and Users' page of the admin panel all reflect their input back to the user when text is entered instead of the expected numerical input.

The report says:

"Like the previous finding, the reflected input is slightly restricted, as it does not allow spaces. Once an authenticated admin is coerced into visiting the affected URL, it is possible to create and modify the Python, JavaScript, and Groovy scripts used by the Vitrea View application."

The researchers also wrote a proof-of-concept for both these vulnerabilities. Canon Medical handled these two vulnerabilities by releasing Vitrea View version 7.7.6.
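
The two findings above share one root cause: input is reflected after a character filter instead of being encoded or type-checked. The sketch below is an added example, not Vitrea View code or code from the Trustwave report; it contrasts the filter with output encoding for the error page and strict integer parsing for 'limit' and 'offset'. All function names, bounds, defaults and the sample input are assumptions.

```javascript
// Added example: hypothetical handlers, not the vendor's implementation.

// Weak pattern described in the post: block spaces and quotes, then reflect.
function filterOnly(input) {
  return /[\s'"]/.test(input) ? "" : input;
}

// Output encoding for HTML text and quoted attribute values.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;",
  '"': "&quot;", "'": "&#39;", "`": "&#96;",
};
function escapeHtml(input) {
  return String(input).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Error page: everything after /error/ is untrusted and is encoded on output.
function renderErrorPage(pathAfterError) {
  let detail;
  try {
    detail = decodeURIComponent(pathAfterError);
  } catch {
    detail = ""; // malformed percent-encoding: show nothing rather than raw input
  }
  return `<p>Error: ${escapeHtml(detail)}</p>`;
}

// Admin search: numeric parameters are parsed, never echoed as text.
function parseBoundedInt(raw, { min, max, fallback }) {
  if (typeof raw !== "string" || !/^\d{1,6}$/.test(raw)) return fallback;
  const n = Number(raw);
  return n < min || n > max ? fallback : n;
}

function parsePaging(query) {
  return {
    limit: parseBoundedInt(query.limit, { min: 1, max: 500, fallback: 50 }),
    offset: parseBoundedInt(query.offset, { min: 0, max: 999999, fallback: 0 }),
  };
}
// A free-text parameter such as 'group' still goes through escapeHtml() on output.

// Constructed sample: harmless markup containing no spaces or quotes.
const sample = "<i>reflected</i>";
console.log(filterOnly(sample));      // the filter lets the markup through
console.log(renderErrorPage(sample)); // encoded, rendered as inert text
console.log(parsePaging({ limit: sample, offset: "20" }));
```

Encoding at the point of output holds regardless of which characters an input filter happens to block, which is why it is the fix rather than a longer blocklist.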