Details of VAR-202302-1400

ID

VAR-202302-1400

CVE

CVE-2022-43969

TITLE

Vulnerabilities in multiple Ricoh products

Trust: 0.8

sources: JVNDB: JVNDB-2022-019541

DESCRIPTION

Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials. RICOH MP C307 firmware, mp c407 firmware, mp c406 Unspecified vulnerabilities exist in multiple Ricoh products, including firmware.Information may be obtained and information may be tampered with

Trust: 1.71

sources: NVD: CVE-2022-43969 // JVNDB: JVNDB-2022-019541 // VULMON: CVE-2022-43969

AFFECTED PRODUCTS

vendor:	ricoh	model:	im 430fb	scope:	lte	version:	1.10	Trust: 1.0
vendor:	ricoh	model:	im 2500	scope:	lte	version:	4.02	Trust: 1.0
vendor:	ricoh	model:	pro c5300s	scope:	lte	version:	1.07	Trust: 1.0
vendor:	ricoh	model:	im c400f	scope:	lte	version:	5.03	Trust: 1.0
vendor:	ricoh	model:	mp c4503	scope:	lte	version:	1.12	Trust: 1.0
vendor:	ricoh	model:	im 3000	scope:	lte	version:	4.02	Trust: 1.0
vendor:	ricoh	model:	im 4000	scope:	lte	version:	4.02	Trust: 1.0
vendor:	ricoh	model:	im c300f	scope:	lte	version:	5.03	Trust: 1.0
vendor:	ricoh	model:	mp c3004ex	scope:	lte	version:	1.15	Trust: 1.0
vendor:	ricoh	model:	mp c4504	scope:	lte	version:	1.22	Trust: 1.0
vendor:	ricoh	model:	mp c2504ex	scope:	lte	version:	1.15	Trust: 1.0
vendor:	ricoh	model:	im c3500	scope:	lte	version:	6.03	Trust: 1.0
vendor:	ricoh	model:	mp c2504	scope:	lte	version:	1.21	Trust: 1.0
vendor:	ricoh	model:	mp 2555	scope:	lte	version:	1.18	Trust: 1.0
vendor:	ricoh	model:	im c530fb	scope:	lte	version:	6.17	Trust: 1.0
vendor:	ricoh	model:	mp c306	scope:	lte	version:	1.20	Trust: 1.0
vendor:	ricoh	model:	mp c2003	scope:	lte	version:	1.17	Trust: 1.0
vendor:	ricoh	model:	im 6000	scope:	lte	version:	4.02	Trust: 1.0
vendor:	ricoh	model:	im cw2200	scope:	lte	version:	1.01	Trust: 1.0
vendor:	ricoh	model:	mp c2503 smart operation panel	scope:	lte	version:	1.14	Trust: 1.0
vendor:	ricoh	model:	mp c307	scope:	lte	version:	1.14	Trust: 1.0
vendor:	ricoh	model:	mp c2004	scope:	lte	version:	1.21	Trust: 1.0
vendor:	ricoh	model:	mp 3055	scope:	lte	version:	1.18	Trust: 1.0
vendor:	ricoh	model:	mp c3004	scope:	lte	version:	1.21	Trust: 1.0
vendor:	ricoh	model:	mp c3503 smart operation panel	scope:	lte	version:	2.15	Trust: 1.0
vendor:	ricoh	model:	mp 6055	scope:	lte	version:	1.18	Trust: 1.0
vendor:	ricoh	model:	mp c6003	scope:	lte	version:	1.12	Trust: 1.0
vendor:	ricoh	model:	mp 402spf	scope:	lte	version:	1.12	Trust: 1.0
vendor:	ricoh	model:	im c5500	scope:	lte	version:	6.03	Trust: 1.0
vendor:	ricoh	model:	im 350f	scope:	lte	version:	1.10	Trust: 1.0
vendor:	ricoh	model:	im c6000	scope:	lte	version:	6.03	Trust: 1.0
vendor:	ricoh	model:	im 8000	scope:	lte	version:	2.02	Trust: 1.0
vendor:	ricoh	model:	mp 5055	scope:	lte	version:	1.18	Trust: 1.0
vendor:	ricoh	model:	mp c3003	scope:	lte	version:	1.19	Trust: 1.0
vendor:	ricoh	model:	im c2000	scope:	lte	version:	6.03	Trust: 1.0
vendor:	ricoh	model:	im 5000	scope:	lte	version:	4.02	Trust: 1.0
vendor:	ricoh	model:	mp c407	scope:	lte	version:	1.14	Trust: 1.0
vendor:	ricoh	model:	mp c6004ex	scope:	lte	version:	1.15	Trust: 1.0
vendor:	ricoh	model:	im c6500	scope:	lte	version:	4.0	Trust: 1.0
vendor:	ricoh	model:	im c300	scope:	lte	version:	5.03	Trust: 1.0
vendor:	ricoh	model:	mp c2004ex	scope:	lte	version:	1.15	Trust: 1.0
vendor:	ricoh	model:	mp c4504ex	scope:	lte	version:	1.15	Trust: 1.0
vendor:	ricoh	model:	mp c3504	scope:	lte	version:	1.21	Trust: 1.0
vendor:	ricoh	model:	im cw2201	scope:	lte	version:	1.11	Trust: 1.0
vendor:	ricoh	model:	im 550f	scope:	lte	version:	5.02	Trust: 1.0
vendor:	ricoh	model:	im c3000	scope:	lte	version:	6.03	Trust: 1.0
vendor:	ricoh	model:	mp 3555	scope:	lte	version:	1.18	Trust: 1.0
vendor:	ricoh	model:	im 3500	scope:	lte	version:	4.02	Trust: 1.0
vendor:	ricoh	model:	mp c5504ex	scope:	lte	version:	1.15	Trust: 1.0
vendor:	ricoh	model:	mp c3504ex	scope:	lte	version:	1.15	Trust: 1.0
vendor:	ricoh	model:	mp 305\+	scope:	lte	version:	1.12	Trust: 1.0
vendor:	ricoh	model:	im 350	scope:	lte	version:	1.10	Trust: 1.0
vendor:	ricoh	model:	im 9000	scope:	lte	version:	2.02	Trust: 1.0
vendor:	ricoh	model:	im 2702	scope:	lte	version:	1.12	Trust: 1.0
vendor:	ricoh	model:	im c400srf	scope:	lte	version:	5.03	Trust: 1.0
vendor:	ricoh	model:	im c8000	scope:	lte	version:	4.0	Trust: 1.0
vendor:	ricoh	model:	mp 4055	scope:	lte	version:	1.18	Trust: 1.0
vendor:	ricoh	model:	mp c4503 smart operation panel	scope:	lte	version:	2.17	Trust: 1.0
vendor:	ricoh	model:	mp c5503	scope:	lte	version:	1.12	Trust: 1.0
vendor:	ricoh	model:	mp c3503	scope:	lte	version:	1.19	Trust: 1.0
vendor:	ricoh	model:	mp c406	scope:	lte	version:	1.20	Trust: 1.0
vendor:	ricoh	model:	im c530f	scope:	lte	version:	6.17	Trust: 1.0
vendor:	ricoh	model:	im c2500	scope:	lte	version:	6.03	Trust: 1.0
vendor:	ricoh	model:	im 600srf	scope:	lte	version:	5.02	Trust: 1.0
vendor:	ricoh	model:	im c4500	scope:	lte	version:	6.03	Trust: 1.0
vendor:	ricoh	model:	mp c2003 smart operation panel	scope:	lte	version:	1.14	Trust: 1.0
vendor:	ricoh	model:	mp c6003 smart operation panel	scope:	lte	version:	2.17	Trust: 1.0
vendor:	ricoh	model:	mp c5504	scope:	lte	version:	1.22	Trust: 1.0
vendor:	ricoh	model:	im 7000	scope:	lte	version:	2.02	Trust: 1.0
vendor:	ricoh	model:	im 430f	scope:	lte	version:	1.10	Trust: 1.0
vendor:	ricoh	model:	m c2001	scope:	lte	version:	1.01	Trust: 1.0
vendor:	ricoh	model:	pro c5310s	scope:	lte	version:	1.07	Trust: 1.0
vendor:	ricoh	model:	mp c3003 smart operation panel	scope:	lte	version:	2.15	Trust: 1.0
vendor:	ricoh	model:	mp c6004	scope:	lte	version:	1.22	Trust: 1.0
vendor:	ricoh	model:	im 600f	scope:	lte	version:	5.02	Trust: 1.0
vendor:	ricoh	model:	mp c2503	scope:	lte	version:	1.17	Trust: 1.0
vendor:	ricoh	model:	mp c5503 smart operation panel	scope:	lte	version:	2.17	Trust: 1.0
vendor:	リコー	model:	ricoh mp c307	scope:	-	version:	-	Trust: 0.8
vendor:	リコー	model:	ricoh mp c6003	scope:	-	version:	-	Trust: 0.8
vendor:	リコー	model:	mp c3503	scope:	-	version:	-	Trust: 0.8
vendor:	リコー	model:	im cw2200	scope:	-	version:	-	Trust: 0.8
vendor:	リコー	model:	mp c2503	scope:	-	version:	-	Trust: 0.8
vendor:	リコー	model:	mp c406	scope:	-	version:	-	Trust: 0.8
vendor:	リコー	model:	mp c2003	scope:	-	version:	-	Trust: 0.8
vendor:	リコー	model:	mp c3003	scope:	-	version:	-	Trust: 0.8
vendor:	リコー	model:	mp c5503	scope:	-	version:	-	Trust: 0.8
vendor:	リコー	model:	mp c5503 smart operation panel	scope:	-	version:	-	Trust: 0.8
vendor:	リコー	model:	mp c306	scope:	-	version:	-	Trust: 0.8
vendor:	リコー	model:	mp c407	scope:	-	version:	-	Trust: 0.8
vendor:	リコー	model:	mp c4503 smart operation panel	scope:	-	version:	-	Trust: 0.8
vendor:	リコー	model:	mp c3003 smart operation panel	scope:	-	version:	-	Trust: 0.8
vendor:	リコー	model:	mp c6003 smart operation panel	scope:	-	version:	-	Trust: 0.8
vendor:	リコー	model:	mp c2003 smart operation panel	scope:	-	version:	-	Trust: 0.8
vendor:	リコー	model:	mp c2503 smart operation panel	scope:	-	version:	-	Trust: 0.8
vendor:	リコー	model:	mp 402spf	scope:	-	version:	-	Trust: 0.8
vendor:	リコー	model:	im cw2201	scope:	-	version:	-	Trust: 0.8
vendor:	リコー	model:	mp c4503	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-019541 // NVD: CVE-2022-43969

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-43969
value:	CRITICAL
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2022-43969
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2022-43969
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202302-1360
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2022-43969
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.1
Trust: 2.0
NVD:	CVE-2022-43969
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-019541 // CNNVD: CNNVD-202302-1360 // NVD: CVE-2022-43969 // NVD: CVE-2022-43969

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-522	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-019541 // NVD: CVE-2022-43969

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1360

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202302-1360

PATCH

title:	Ricoh MP C4504ex Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=226781	Trust: 0.6
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2022-43969	Trust: 0.1

sources: VULMON: CVE-2022-43969 // CNNVD: CNNVD-202302-1360

EXTERNAL IDS

db:	NVD	id:	CVE-2022-43969	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-019541	Trust: 0.8
db:	CNNVD	id:	CNNVD-202302-1360	Trust: 0.6
db:	VULMON	id:	CVE-2022-43969	Trust: 0.1

sources: VULMON: CVE-2022-43969 // JVNDB: JVNDB-2022-019541 // CNNVD: CNNVD-202302-1360 // NVD: CVE-2022-43969

REFERENCES

url:	https://www.ricoh.com/software/dev_soft_manager	Trust: 2.5
url:	https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2022-000002	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-43969	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-43969/	Trust: 0.6
url:	https://github.com/live-hack-cve/cve-2022-43969	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2022-43969 // JVNDB: JVNDB-2022-019541 // CNNVD: CNNVD-202302-1360 // NVD: CVE-2022-43969

SOURCES

db:	VULMON	id:	CVE-2022-43969
db:	JVNDB	id:	JVNDB-2022-019541
db:	CNNVD	id:	CNNVD-202302-1360
db:	NVD	id:	CVE-2022-43969

LAST UPDATE DATE

2025-03-19T23:06:33.662000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2022-43969	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-019541	date:	2023-10-26T03:53:00
db:	CNNVD	id:	CNNVD-202302-1360	date:	2023-02-27T00:00:00
db:	NVD	id:	CVE-2022-43969	date:	2025-03-19T15:15:41.137

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2022-43969	date:	2023-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-019541	date:	2023-10-26T00:00:00
db:	CNNVD	id:	CNNVD-202302-1360	date:	2023-02-16T00:00:00
db:	NVD	id:	CVE-2022-43969	date:	2023-02-16T14:15:17.220