Service Notice: Vulnerabilities Remediation Against Buffer Overflow for Canon Laser Printer/Inkjet Printer and Small Office Multifunctional Printers
Updated: 09.12.23
Canon U.S.A., Inc. has recently become aware of multiple potential buffer overflow vulnerabilities in the Canon Laser Printers/Inkjet Printers and Small Office Multifunctional Printers listed under Affected models below. If the product is connected directly to the internet without using a wired or Wi-Fi router, a third party could potentially execute arbitrary code or the product could be subjected to a Denial-of-Service (DoS) attack. In addition, there is the potential for arbitrary files to be installed by a third party due to improper authentication of the Remote User Interface (printer web portal). The issues and their CVE identifiers are:
Buffer Overflow
CVE-2023-0851 CVE-2023-0855
CVE-2023-0852 CVE-2023-0856
CVE-2023-0853 CVE-2022-43974
CVE-2023-0854 CVE-2022-43608
Problems During Initial Registration of System Administrators in Control Protocols
CVE-2023-0857
Improper authentication of the printer’s web portal
CVE-2023-0858
Installation of arbitrary files
CVE-2023-0859
Affected models:
imageCLASS D Series
D1620/D1650
imageCLASS MF Series
MF1127C
MF1238/MF1238 II
MF1333C^
MF1643I II/MF1643IF II
MF262DW II/MF264DW II/MF267DW II/MF269DW II/MF269DW VP II
MF272DW/MF273DW/MF275DW
MF424DW/MF426DW/MF429DW/MF525DW
MF445DW/MF448DW/MF449DW/MF543DW
MF451DW/MF452DW/MF453DW/MF455DW
MF632CDW/MF634CDW
MF641CW/MF642CDW/MF644CDW
MF652CW/MF653CDW/MF654CDW/MF656CDW
MF731CDW/MF733CDW/MF735CDW
MF741CDW/MF743CDW/MF745CDW/MF746CDW
MF751CDW^/MF753CDW^
imageCLASS LBP Series
LBP1127C
LBP1238/LBP1238 II
LBP1333C^
LBP122DW
LBP214DW^^/LBP215DW^^
LBP226DW/LBP227DW/LBP228DW
LBP236DW/LBP237DW
LBP612CDW
LBP622CDW/LBP623CDW
LBP632CDW/LBP633CDW
LBP654CDW
LBP664CDW
LBP674CDW^
imagePROGRAF Series
TC-20*/TC-20M
PIXMA Series
G3270*/G4270*
MAXIFY Series
GX3020*/GX4020*
Note: If we determine that additional products could potentially be impacted by this matter, we will issue an updated Service Notice.
^ Models added on 09.07.23
^^ Models added on 09.12.23
Firmware download:
Please proceed to https://www.usa.canon.com/support or click on the Affected model links above to navigate to the latest firmware. Once there, change the Type filter to Firmware, then download and install the latest version.
* For these models, the updated firmware will not be available on the Canon website; however, we recommend using the Firmware Update feature on your device while it is connected to the network to update to the latest version.
Furthermore, if you have not done so already, we recommend that you set up a private IP address for products and create a network environment with a firewall or Wi-Fi router that can restrict network access.
In addition, please check “Regarding security for products connected to a network” in the URL below for other security measures that can be used with your Canon products.
https://global.canon/en/support/security/prd-secu.html
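A first-pass inventory check for the guidance above, as an added example that is not Canon's code: it parses a few lines of the Affected models list (including the ^, ^^ and * markers), matches them against device records, and reports which affected devices sit on a non-private address and which can only be updated from the device itself. The inventory rows, hostnames and function names are constructed for illustration.

```python
import ipaddress
import re

# Lines copied from the "Affected models" list above, footnote markers included.
AFFECTED_LINES = """\
MF262DW II/MF264DW II/MF267DW II/MF269DW II/MF269DW VP II
MF751CDW^/MF753CDW^
LBP214DW^^/LBP215DW^^
TC-20*/TC-20M
G3270*/G4270*
"""
# Constructed inventory rows (hostname, model string, address); not real devices.
INVENTORY = [
    ("front-desk", "Canon imageCLASS MF753Cdw", "192.168.10.21"),
    ("plotter-1", "imagePROGRAF TC-20", "203.0.113.7"),
    ("lab", "MF269dw VP II", "10.0.4.9"),
    ("other", "ExampleVendor X100", "198.51.100.4"),
]
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SERIES = re.compile(r"\b(CANON|IMAGECLASS|IMAGEPROGRAF|PIXMA|MAXIFY)\b")

def normalize(name):
    """Upper-case, drop brand/series words, spaces and hyphens."""
    return re.sub(r"[\s\-]+", "", SERIES.sub("", name.upper()))

def parse_affected(text):
    """Map normalized model -> True when the entry carries '*' (on-device update only)."""
    models = {}
    for line in text.splitlines():
        for entry in filter(None, (e.strip() for e in line.split("/"))):
            models[normalize(entry.rstrip("^*"))] = entry.endswith("*")
    return models

def triage(inventory, affected):
    """Return (host, exposed, on_device_update_only) for each affected device."""
    rows = []
    for host, model, addr in inventory:
        key = normalize(model)
        if key in affected:
            ip = ipaddress.ip_address(addr)
            exposed = not any(ip in net for net in RFC1918)  # IPv6 counts as exposed here
            rows.append((host, exposed, affected[key]))
    return rows

if __name__ == "__main__":
    for host, exposed, on_device in triage(INVENTORY, parse_affected(AFFECTED_LINES)):
        print(host, "NOT on a private address" if exposed else "private address",
              "| update from the device menu" if on_device else "| firmware from support site")
```

An address outside the private ranges is only an indicator that the device may be directly reachable; confirm against the actual router or firewall configuration.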
Thank you,
Customer Support
Canon U.S.A., Inc.