“AMNESIA:33”: Embedded TCP/IP Stacks vulnerabilities – Updated 10 December 2020
Following investigation, we have determined that no imageRUNNER, imageRUNNER ADVANCE or i-SENSYS products are affected by this vulnerability. We are continuing our investigation across the Canon product range and will update this article as further information becomes available.
uniFLOW MicroMIND vulnerability – Updated 08 December 2020
It has been brought to our attention by the 'Federal Office for Information Security' (BSI) that the network implementation within the microMIND is vulnerable to a number of exploits. These vulnerabilities were discovered by 'Forescout Technologies' researchers Jos Wetzels, Stanislav Dashevskyi, Amine Amri, and Daniel dos Santos.
The microMIND utilises the uIP open-source network stack (https://en.wikipedia.org/wiki/UIP_(micro_IP)), which is used by thousands of companies to network-enable their software/hardware. The researchers found that, if exploited, these vulnerabilities could result in a DoS attack taking the device offline or in Remote Code Execution (RCE) on the microMIND itself. To address these vulnerabilities, NT-ware has released new firmware that addresses all reported issues. At the time of writing this security bulletin, there are no known exploits targeting the microMIND.
Exploit name/link: AMNESIA:33, https://www.forescout.com/amnesia33/
CVEs addressed in this firmware are: CVE-2020-13988, CVE-2020-13987, CVE-2020-17438, CVE-2020-17437
CVEs not related to the microMIND implementation of the uIP Stack: CVE-2020-17440, CVE-2020-17439, CVE-2020-24334, CVE-2020-24335
Affected uniFLOW microMIND Firmware: version 2.0.9 and earlier or delivered prior to October 2020.
Mitigation/Action: If you have an affected microMIND please contact your Canon representative to arrange upgrading the firmware.
Canon Laser and Small Office Multifunctional Printer related vulnerabilities with the IP Stack – Updated 01 October 2020
A cyber security company headquartered in Israel, SCADAfence Ltd., drew our attention to a vulnerability related to the IP stack protocol used by Canon Laser Printers and Small Office Multifunctional Printers. Please refer to CVE-2020-16849 for details.
When the device is connected to a network, the potential exists for a third-party attack that allows fragments of the “Address book” and/or “administrator password” to be acquired through an unsecured network. It should be noted that when HTTPS is used for Remote UI communication, data is secured by encryption.
To date, there have been no confirmed cases of these vulnerabilities being exploited to cause harm. However, in order to ensure that our customers can use our products securely, new firmware will be available for the following products:
i-SENSYS MF Series
i-SENSYS LBP Series
Please refer to the User Manual for details on how to update firmware.
We recommend using a private IP address for products and applying network parameter controls, such as a firewall or Wi-Fi router, that can restrict network access. The ‘Security for Products Connected to a Network’ section further down on this page gives some additional guidance.
“Ripple20”: Multiple Vulnerabilities Identified in the TCP/IP Stack – Updated 30 September 2020
After investigation into the ‘Ripple20’ vulnerability, there has been no identified issue with Canon printer products.
Security provided by eight character numerical passwords – Added 06 March 2020
Whilst Canon’s wireless function password complies with the current WPA standard, we are aware that the security provided by eight-character numerical passwords isn’t considered to be as strong as it used to be. With this in mind, we recommend that in environments where wireless security is a concern, such as a public location, Canon equipment should always be connected to an infrastructure Wi-Fi deployment. We take security seriously - we are updating the Wi-Fi security configurations across our products to help you remain secure, and any update will be published on these pages. Canon would like to thank REDTEAM.PL for drawing our attention to the changing nature of password security and its impact on the market.
ImageRUNNER ADVANCE Syslog and Log events – Added 20 February 2020
The imageRUNNER ADVANCE software platform version 3.8 and later introduced near real-time event messaging over the Syslog protocol (compliant with RFC 5424, RFC 5425 and RFC 5426), adding to existing device logging and increasing visibility of device and device security events. This builds upon the device logging capability, allowing connection to an existing security information event management (SIEM) or Syslog server. The ‘SIEM_spec’ document given below details the message types and log data that can be generated.