Skip to main content

Security related information: Security vulnerabilities in our products

A security vulnerability has been identified in UTAX’s MFPs and printers. The following is an overview of the issue and how to resolve it. As of the date of publication of this notice, we have not confirmed any attacks that take advantage of this vulnerability.
1.   Vulnerability description
Three vulnerabilities have been identified.
Vulnerability number:JVN#46345126
  1. Session Management Defects in Command Center Vulnerability (CVE-2022-41798)
    A vulnerability that allows users to login without login authentication by forged cookies in an environment where the product is accessible through Command Center.
  2. Inadequate Authentication of Command Center (CVE-2022-41807)
    In an usage environment where the product is accessible via Command Center, if a client (a malicious attacker's personal computer) issues a request to a server (the product) to change device settings using the Common Gateway Interface (CGI), configuration changes can be made without logging in to Command Center.
  3. Cross-site scripting vulnerability in Command Center (CVE-2022-41830
    In an usage environment where the product is accessible via Command Center, a vulnerability could allow an attacker to embed malicious JavaScript in a certificate by exploiting the ability to register, configure, and reference SSL/TLS certificates in the Command Center security settings. Therefore, when the equipment administrator logs in to the Command Center and references the SSL/TLS certificate, JavaScript is executed and the equipment administrator can be victimized.
2.   Countermeasures
UTAX is providing firmware that addresses the security vulnerability. This vulnerability is not expected to have any impact unless it is introduced into the customer's network from the outside. Firewalls and other security measures are recommended.
3.   Impact on our products
Below you will find an overview of UTAX products that are NOT affected by the security vulnerabilities.
Firmware updates are already available for the products listed below that are affected by the vulnerabilities:
Product
UTAX CDC 5526
UTAX CDC 5626
UTAX CDC 5526L
UTAX CDC 1626
UTAX CDC 1726
UTAX CLP 3721
UTAX CLP 3726
UTAX 1855
UTAX 2256

We will publish further firmware updates here on an ongoing basis.


Status: 15.11.2022