9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
50.7%
Ricoh is aware of the reported ‘Threat of folder user password breach’ (CVE-2022-43969) that affects certain products and services that Ricoh develops, manufactures, and offers. The user password for the folder, that is saved to a device with data transmission functionality, may be breached via a malicious ftp server by changing data transmission setting.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501976);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/14");
script_cve_id("CVE-2022-43969");
script_name(english:"RICOH Multiple Products Threat of Folder User Password Breach (CVE-2022-43969)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"Ricoh is aware of the reported 'Threat of folder user password breach' (CVE-2022-43969)
that affects certain products and services that Ricoh develops, manufactures, and offers.
The user password for the folder, that is saved to a device with data transmission functionality,
may be breached via a malicious ftp server by changing data transmission setting.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://www.ricoh.com/software/dev_soft_manager");
# https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2022-000002
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4eafd46c");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-43969");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/02/16");
script_set_attribute(attribute:"patch_publication_date", value:"2023/02/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/02/13");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_2500_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_2702_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_3000_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_3500_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_350_firmware:1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_350f_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_4000_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_430f_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_430fb_firmware:1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_5000_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_550f_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_6000_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_600f_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_600srf_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_7000_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_8000_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_9000_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_c2000_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_c2500_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_c3000_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_c300_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_c300f_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_c3500_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_c400f_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_c400srf_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_c4500_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_c530f_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_c530fb_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_c5500_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_c6000_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_c6500_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_c8000_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_cw2200_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:im_cw2201_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:m_c2001_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_2555_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_305%2b_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_3055_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_3555_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_402spf_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_4055_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_5055_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_6055_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c2003_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c2003_smart_operation_panel_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c2004_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c2004ex_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c2503_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c2503_smart_operation_panel_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c2504_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c2504ex_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c3003_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c3003_smart_operation_panel_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c3004_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c3004ex_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c306_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c307_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c3503_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c3503_smart_operation_panel_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c3504_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c3504ex_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c406_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c407_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c4503_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c4503_smart_operation_panel_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c4504_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c4504ex_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c5503_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c5503_smart_operation_panel_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c5504_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c5504ex_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c6003_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c6003_smart_operation_panel_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c6004_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:mp_c6004ex_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:pro_c5300s_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ricoh:pro_c5310s_firmware");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/RICOH");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/RICOH');
var asset = tenable_ot::assets::get(vendor:'RICOH');
var vuln_cpes = {
"cpe:/o:ricoh:mp_c307_firmware" :
{"versionEndIncluding" : "1.14", "family" : "MFP"},
"cpe:/o:ricoh:mp_c407_firmware" :
{"versionEndIncluding" : "1.14", "family" : "MFP"},
"cpe:/o:ricoh:mp_c406_firmware" :
{"versionEndIncluding" : "1.20", "family" : "MFP"},
"cpe:/o:ricoh:mp_c306_firmware" :
{"versionEndIncluding" : "1.20", "family" : "MFP"},
"cpe:/o:ricoh:im_cw2200_firmware" :
{"versionEndIncluding" : "1.01", "family" : "MFP"},
"cpe:/o:ricoh:im_cw2201_firmware" :
{"versionEndIncluding" : "1.11", "family" : "MFP"},
"cpe:/o:ricoh:mp_402spf_firmware" :
{"versionEndIncluding" : "1.12", "family" : "MFP"},
"cpe:/o:ricoh:mp_c2003_smart_operation_panel_firmware" :
{"versionEndIncluding" : "1.14", "family" : "MFP"},
"cpe:/o:ricoh:mp_c2503_smart_operation_panel_firmware" :
{"versionEndIncluding" : "1.14", "family" : "MFP"},
"cpe:/o:ricoh:mp_c2003_firmware" :
{"versionEndIncluding" : "1.17", "family" : "MFP"},
"cpe:/o:ricoh:mp_c2503_firmware" :
{"versionEndIncluding" : "1.17", "family" : "MFP"},
"cpe:/o:ricoh:mp_c4503_firmware" :
{"versionEndIncluding" : "1.12", "family" : "MFP"},
"cpe:/o:ricoh:mp_c5503_firmware" :
{"versionEndIncluding" : "1.12", "family" : "MFP"},
"cpe:/o:ricoh:mp_c6003_firmware" :
{"versionEndIncluding" : "1.12", "family" : "MFP"},
"cpe:/o:ricoh:mp_c3003_firmware" :
{"versionEndIncluding" : "1.19", "family" : "MFP"},
"cpe:/o:ricoh:mp_c3503_firmware" :
{"versionEndIncluding" : "1.19", "family" : "MFP"},
"cpe:/o:ricoh:mp_c4503_smart_operation_panel_firmware" :
{"versionEndIncluding" : "2.17", "family" : "MFP"},
"cpe:/o:ricoh:mp_c5503_smart_operation_panel_firmware" :
{"versionEndIncluding" : "2.17", "family" : "MFP"},
"cpe:/o:ricoh:mp_c6003_smart_operation_panel_firmware" :
{"versionEndIncluding" : "2.17", "family" : "MFP"},
"cpe:/o:ricoh:mp_c3003_smart_operation_panel_firmware" :
{"versionEndIncluding" : "2.15", "family" : "MFP"},
"cpe:/o:ricoh:mp_c3503_smart_operation_panel_firmware" :
{"versionEndIncluding" : "2.15", "family" : "MFP"},
"cpe:/o:ricoh:mp_c2004ex_firmware" :
{"versionEndIncluding" : "1.15", "family" : "MFP"},
"cpe:/o:ricoh:mp_c2504ex_firmware" :
{"versionEndIncluding" : "1.15", "family" : "MFP"},
"cpe:/o:ricoh:mp_c4504ex_firmware" :
{"versionEndIncluding" : "1.15", "family" : "MFP"},
"cpe:/o:ricoh:mp_c5504ex_firmware" :
{"versionEndIncluding" : "1.15", "family" : "MFP"},
"cpe:/o:ricoh:mp_c6004ex_firmware" :
{"versionEndIncluding" : "1.15", "family" : "MFP"},
"cpe:/o:ricoh:mp_c3004ex_firmware" :
{"versionEndIncluding" : "1.15", "family" : "MFP"},
"cpe:/o:ricoh:mp_c3504ex_firmware" :
{"versionEndIncluding" : "1.15", "family" : "MFP"},
"cpe:/o:ricoh:pro_c5300s_firmware" :
{"versionEndIncluding" : "1.07", "family" : "MFP"},
"cpe:/o:ricoh:pro_c5310s_firmware" :
{"versionEndIncluding" : "1.07", "family" : "MFP"},
"cpe:/o:ricoh:m_c2001_firmware" :
{"versionEndIncluding" : "1.01", "family" : "MFP"},
"cpe:/o:ricoh:im_c530f_firmware" :
{"versionEndIncluding" : "6.17", "family" : "MFP"},
"cpe:/o:ricoh:im_c530fb_firmware" :
{"versionEndIncluding" : "6.17", "family" : "MFP"},
"cpe:/o:ricoh:im_350f_firmware" :
{"versionEndIncluding" : "1.10", "family" : "MFP"},
"cpe:/o:ricoh:im_350_firmware:1" :
{"versionEndIncluding" : "1.10", "family" : "MFP"},
"cpe:/o:ricoh:im_430f_firmware" :
{"versionEndIncluding" : "1.10", "family" : "MFP"},
"cpe:/o:ricoh:im_430fb_firmware:1" :
{"versionEndIncluding" : "1.10", "family" : "MFP"},
"cpe:/o:ricoh:mp_305%2b_firmware" :
{"versionEndIncluding" : "1.12", "family" : "MFP"},
"cpe:/o:ricoh:im_350_firmware:1" :
{"versionEndIncluding" : "1.10", "family" : "MFP"},
"cpe:/o:ricoh:im_430fb_firmware:1" :
{"versionEndIncluding" : "1.10", "family" : "MFP"},
"cpe:/o:ricoh:im_550f_firmware" :
{"versionEndIncluding" : "5.02", "family" : "MFP"},
"cpe:/o:ricoh:im_600f_firmware" :
{"versionEndIncluding" : "5.02", "family" : "MFP"},
"cpe:/o:ricoh:im_600srf_firmware" :
{"versionEndIncluding" : "5.02", "family" : "MFP"},
"cpe:/o:ricoh:im_7000_firmware" :
{"versionEndIncluding" : "2.02", "family" : "MFP"},
"cpe:/o:ricoh:im_8000_firmware" :
{"versionEndIncluding" : "2.02", "family" : "MFP"},
"cpe:/o:ricoh:im_9000_firmware" :
{"versionEndIncluding" : "2.02", "family" : "MFP"},
"cpe:/o:ricoh:mp_2555_firmware" :
{"versionEndIncluding" : "1.18", "family" : "MFP"},
"cpe:/o:ricoh:mp_3055_firmware" :
{"versionEndIncluding" : "1.18", "family" : "MFP"},
"cpe:/o:ricoh:mp_3555_firmware" :
{"versionEndIncluding" : "1.18", "family" : "MFP"},
"cpe:/o:ricoh:mp_4055_firmware" :
{"versionEndIncluding" : "1.18", "family" : "MFP"},
"cpe:/o:ricoh:mp_5055_firmware" :
{"versionEndIncluding" : "1.18", "family" : "MFP"},
"cpe:/o:ricoh:mp_6055_firmware" :
{"versionEndIncluding" : "1.18", "family" : "MFP"},
"cpe:/o:ricoh:im_2500_firmware" :
{"versionEndIncluding" : "4.02", "family" : "MFP"},
"cpe:/o:ricoh:im_3000_firmware" :
{"versionEndIncluding" : "4.02", "family" : "MFP"},
"cpe:/o:ricoh:im_3500_firmware" :
{"versionEndIncluding" : "4.02", "family" : "MFP"},
"cpe:/o:ricoh:im_4000_firmware" :
{"versionEndIncluding" : "4.02", "family" : "MFP"},
"cpe:/o:ricoh:im_5000_firmware" :
{"versionEndIncluding" : "4.02", "family" : "MFP"},
"cpe:/o:ricoh:im_6000_firmware" :
{"versionEndIncluding" : "4.02", "family" : "MFP"},
"cpe:/o:ricoh:im_2702_firmware" :
{"versionEndIncluding" : "1.12", "family" : "MFP"},
"cpe:/o:ricoh:im_c400f_firmware" :
{"versionEndIncluding" : "5.03", "family" : "MFP"},
"cpe:/o:ricoh:im_c300f_firmware" :
{"versionEndIncluding" : "5.03", "family" : "MFP"},
"cpe:/o:ricoh:im_c300_firmware" :
{"versionEndIncluding" : "5.03", "family" : "MFP"},
"cpe:/o:ricoh:im_c400srf_firmware" :
{"versionEndIncluding" : "5.03", "family" : "MFP"},
"cpe:/o:ricoh:im_c2000_firmware" :
{"versionEndIncluding" : "6.03", "family" : "MFP"},
"cpe:/o:ricoh:im_c2500_firmware" :
{"versionEndIncluding" : "6.03", "family" : "MFP"},
"cpe:/o:ricoh:im_c6000_firmware" :
{"versionEndIncluding" : "6.03", "family" : "MFP"},
"cpe:/o:ricoh:im_c5500_firmware" :
{"versionEndIncluding" : "6.03", "family" : "MFP"},
"cpe:/o:ricoh:im_c3000_firmware" :
{"versionEndIncluding" : "6.03", "family" : "MFP"},
"cpe:/o:ricoh:im_c3500_firmware" :
{"versionEndIncluding" : "6.03", "family" : "MFP"},
"cpe:/o:ricoh:im_c4500_firmware" :
{"versionEndIncluding" : "6.03", "family" : "MFP"},
"cpe:/o:ricoh:mp_c2504_firmware" :
{"versionEndIncluding" : "1.21", "family" : "MFP"},
"cpe:/o:ricoh:mp_c2004_firmware" :
{"versionEndIncluding" : "1.21", "family" : "MFP"},
"cpe:/o:ricoh:mp_c4504_firmware" :
{"versionEndIncluding" : "1.22", "family" : "MFP"},
"cpe:/o:ricoh:mp_c5504_firmware" :
{"versionEndIncluding" : "1.22", "family" : "MFP"},
"cpe:/o:ricoh:mp_c6004_firmware" :
{"versionEndIncluding" : "1.22", "family" : "MFP"},
"cpe:/o:ricoh:mp_c3504_firmware" :
{"versionEndIncluding" : "1.21", "family" : "MFP"},
"cpe:/o:ricoh:mp_c3004_firmware" :
{"versionEndIncluding" : "1.21", "family" : "MFP"},
"cpe:/o:ricoh:im_c6500_firmware" :
{"versionEndIncluding" : "4.0", "family" : "MFP"},
"cpe:/o:ricoh:im_c8000_firmware" :
{"versionEndIncluding" : "4.0", "family" : "MFP"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
Vendor | Product | Version | CPE |
---|---|---|---|
ricoh | mp_c2004ex_firmware | cpe:/o:ricoh:mp_c2004ex_firmware | |
ricoh | mp_c2503_firmware | cpe:/o:ricoh:mp_c2503_firmware | |
ricoh | mp_c2503_smart_operation_panel_firmware | cpe:/o:ricoh:mp_c2503_smart_operation_panel_firmware | |
ricoh | mp_c2504_firmware | cpe:/o:ricoh:mp_c2504_firmware | |
ricoh | mp_c2504ex_firmware | cpe:/o:ricoh:mp_c2504ex_firmware | |
ricoh | im_2500_firmware | cpe:/o:ricoh:im_2500_firmware | |
ricoh | im_2702_firmware | cpe:/o:ricoh:im_2702_firmware | |
ricoh | im_3000_firmware | cpe:/o:ricoh:im_3000_firmware | |
ricoh | im_3500_firmware | cpe:/o:ricoh:im_3500_firmware | |
ricoh | im_350_firmware | 1 | cpe:/o:ricoh:im_350_firmware:1 |
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
50.7%