Notice on potential impact of "Apache ActiveMQ remote code execution vulnerability" (CVE-2023-46604) towards Ricoh products and services

21 Nov 2023

Last updated: 05:00 pm on December 25, 2023 (2023-12-25T15:00:00+09:00)
First published: 03:00 pm on November 21, 2023 (2023-11-21T13:00:00+09:00)
Ricoh Company, Ltd.

Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.

Ricoh is aware of the reported "Apache ActiveMQ remote code execution vulnerability" (CVE-2023-46604) affecting certain products and services that Ricoh develops, manufactures, and offers.

List 1 below shows the affected products and services. Ricoh offers preventative measures detailed in the hyperlinked pages in the list.

The latest firmware has been released to resolve this vulnerability issue. 

Please check the list below and apply the firmware.

 Vulnerability Information IDricoh-2023-000005
 Version 1.01E
 CVE ID(CWE ID) CVE-2023-46604 ( CWE-502 )
 CVSSv3 score 9.8  CRITICAL 

List 1: Ricoh products and services affected by this vulnerability

Product/service  Link to details
RICOH Interactive
Whiteboard D5500
Affected. For details, please refer to the following URL.
https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000088-2023-000005
RICOH Interactive
Whiteboard D5510
Affected. For details, please refer to the following URL.
https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000089-2023-000005
RICOH Interactive
Whiteboard D2200
Affected. For details, please refer to the following URL.
https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000090-2023-000005
RICOH Interactive
Whiteboard Controller Type 1
Affected. For details, please refer to the following URL.
https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000091-2023-000005
RICOH Interactive
Whiteboard Controller Type 2
Affected. For details, please refer to the following URL.
https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000092-2023-000005
RICOH Interactive
Whiteboard Controller Type 3
Affected. For details, please refer to the following URL.
https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000093-2023-000005
RICOH Interactive
Whiteboard LT
Affected. For details, please refer to the following URL.
https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000094-2023-000005
RICOH Interactive
Whiteboard LT for Open Controller
Affected. For details, please refer to the following URL.
https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000095-2023-000005

Contact

Please contact your local Ricoh representative or dealer if you have any queries. 

History:

2023-12-25T15:00:00+09:00 : 1.01E Released permanent measures.
2023-11-21T13:00:00+09:00 : 1.00E Initial public release