Canon Canon

Do you want an email whenever new security vulnerabilities are reported in any Canon product?

Products by Canon Sorted by Most Security Vulnerabilities since 2018

Canon Mf269dw Vp1 vulnerability

Canon Mf242dw1 vulnerability

Canon Mf244dw1 vulnerability

Canon Mf245dw1 vulnerability

Canon Mf247dw1 vulnerability

Canon Mf249dw1 vulnerability

Canon Mf262dw1 vulnerability

Canon Mf264dw1 vulnerability

Canon Mf265dw1 vulnerability

Canon Mf267dw1 vulnerability

Canon Mf269dw1 vulnerability

Canon Mf237w1 vulnerability

Canon Mf4570dn1 vulnerability

Canon Mf4570dw1 vulnerability

Canon Mf4770n1 vulnerability

Canon Mf4780w1 vulnerability

Canon Mf4880dw1 vulnerability

Canon Mf4890dw1 vulnerability

Canon Print1 vulnerability

Canon Selphy Cp12001 vulnerability

Canon Lbp162dw1 vulnerability

Canon 2204f1 vulnerability

Canon 2204n1 vulnerability

Canon 2206if1 vulnerability

Canon Efi Printme1 vulnerability

Canon Irisnext1 vulnerability

Canon Lbp113w1 vulnerability

Canon Lbp151dw1 vulnerability

Canon Lbp1621 vulnerability

Canon 1 vulnerability

Canon Lbp162l1 vulnerability

Canon Mf113w1 vulnerability

Canon Mf212w1 vulnerability

Canon Mf217w1 vulnerability

Canon Mf222dw1 vulnerability

Canon Mf224dw1 vulnerability

Canon Mf227dw1 vulnerability

Canon Mf229dw1 vulnerability

Canon Mf232w1 vulnerability

By the Year

In 2022 there have been 3 vulnerabilities in Canon with an average score of 7.6 out of ten. Last year Canon had 3 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Canon in 2022 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2022 is greater by 1.27.

Year Vulnerabilities Average Score
2022 3 7.57
2021 3 6.30
2020 1 7.50
2019 1 5.50
2018 1 6.10

It may take a day or so for new Canon vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Canon Security Vulnerabilities

The BeanShell components of IRISNext through 9.8.28

CVE-2022-26111 8.8 - High - April 25, 2022

The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server.

Command Injection

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys

CVE-2022-26320 9.1 - Critical - March 14, 2022

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate.

Use of Insufficiently Random Values

Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, and MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW) and imageCLASS LBP Series (LBP113W/LBP151DW/LBP162DW ) sold in the US, and iSENSYS (LBP162DW, LBP113W, LBP151DW, MF269dw, MF267dw, MF264dw, MF113w, MF249dw, MF247dw, MF244dw, MF237w, MF232w, MF229dw, MF217w, MF212w, MF4780w, and MF4890dw) and imageRUNNER (2206IF, 2204N, and 2204F) sold in Europe)

CVE-2021-20877 4.8 - Medium - February 08, 2022

Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, and MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW) and imageCLASS LBP Series (LBP113W/LBP151DW/LBP162DW ) sold in the US, and iSENSYS (LBP162DW, LBP113W, LBP151DW, MF269dw, MF267dw, MF264dw, MF113w, MF249dw, MF247dw, MF244dw, MF237w, MF232w, MF229dw, MF217w, MF212w, MF4780w, and MF4890dw) and imageRUNNER (2206IF, 2204N, and 2204F) sold in Europe) allows remote attackers to inject an arbitrary script via unspecified vectors.

XSS

Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server is enabled for HTTP access

CVE-2021-38154 7.5 - High - August 29, 2021

Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker. For example, an incoming FAX may be sent through e-mail to the attacker. This occurs when a PIN is not required for General User Mode, as exploited in the wild in August 2021.

Incorrect Permission Assignment for Critical Resource

Canon Oce Print Exec Workgroup 1.3.2

CVE-2021-39368 6.1 - Medium - August 23, 2021

Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter.

XSS

Canon Oce Print Exec Workgroup 1.3.2

CVE-2021-39367 5.3 - Medium - August 23, 2021

Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection.

Output Sanitization

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL

CVE-2020-12695 7.5 - High - June 08, 2020

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

Incorrect Default Permissions

The ContentProvider in the

CVE-2019-14339 5.5 - Medium - September 05, 2019

The ContentProvider in the Canon PRINT jp.co.canon.bsd.ad.pixmaprint 2.5.5 application for Android does not properly restrict canon.ij.printer.capability.data data access. This allows an attacker's malicious application to obtain sensitive information including factory passwords for the administrator web interface and WPA2-PSK key.

Information Disclosure

Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI webinterface

CVE-2018-12111 6.1 - Medium - June 11, 2018

Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI webinterface allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /wt3/mydocs.php URI.

XSS

Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet

CVE-2006-7065 - March 02, 2007

Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.

Microsoft Internet Explorer 6

CVE-2006-3354 - July 06, 2006

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference.

Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML

CVE-2006-1185 - April 11, 2006

Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.

Microsoft Internet Explorer 5.01 through 6

CVE-2006-1188 - April 11, 2006

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods

CVE-2006-1192 - April 11, 2006

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626.

Improper Input Validation

Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers

CVE-2005-4827 - December 31, 2005

Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks.

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.