A security vulnerability has been identified in UTAX MFPs. UTAX knows about this vulnerability and takes it very seriously. The following is an overview of the issue and how to resolve it. As of the date of publication of this notice, we have not confirmed any attacks that take advantage of this vulnerability.
1. Vulnerability description
Vulnerability number: CVE-2022-1026
By using SOAP-based Enhanced WSD protocol there is a possibility that the device will respond without user authentication and enable data acquisition of the registered address book despite prior settings to require user authentication.
2. Impact on our products
We will provide firmware for MFPs to close the gap. It is expected that there is no impact from this vulnerability, unless there is an external intrusion into the customer's network. Security measures such as Firewall are recommended. We advise to disable the Enhanced WSD protocol and to enable the Enhanced WSD over SSL protocol.
Firmware updates or release dates are already available for the products listed below. The list will be updated continuously as soon as new information is available.