Notice on potential impact of "Apache Commons Text vulnerability" (CVE-2022-42889) towards Ricoh products and services

Last updated: 04:00 pm on February 07, 2023 (2023-02-07T14:00:00+09:00)
First published: 11:40 am on October 27, 2022 (2022-10-27T09:40:00+09:00)
Ricoh Company, Ltd.

Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.

Ricoh is aware of the reported "Apache Commons Text vulnerability" (CVE-2022-42889). A vulnerability in the variable interpolator of Apache Commons Text, a library for algorithms related to string processing, may allow arbitrary code execution if malicious input is processed. Please refer to the following URL for further details. https://nvd.nist.gov/vuln/detail/CVE-2022-42889

 Vulnerability Information IDricoh-2022-000001
 Version1.06E
 CVE ID(CWE ID)CVE-2022-42889 ( CWE-94 )
 CVSSv3 score9.8  CRITICAL 
 Overall status Investigation completed

List 1 below shows our investigation status/result, the vulnerability impact on Ricoh's major products and services.

List 1: Ricoh products and services affected by this vulnerability

Product/service  Category SubcategoryStatus
Office Products Multifunction Printers/Copiers  Black & White MFP Not affected
Color MFP Not affected
Wide Format MFP Not affected
PrintersBlack & White Laser Printers Not affected
Color Laser Printers Not affected
Gel Jet Printers Not affected
FAX Not affected
Digital Duplicators Not affected
Projectors Not affected
Video Conferencing Not affected
Interactive Whiteboards Not affected
Remote Communication Gates



Remote Communication Gate A2 Not affected
Remote Communication Gate A Not affected
Remote Communication Gate Type N/L/BN1/BM1 Not affected
Software & Solutions
Card Authentication Package Series Not affected
Device Manager NX Accounting Not affected
Device Manager NX Lite Not affected
DocuwareNot affected
GlobalScan NX Not affected
Enhanced Locked Print Series Not affected
Printer Driver Packager NX Not affected
@Remote Connector NX Not affected
Ricoh Smart Integration (RSI) Platform and its applications Not affected
RICOH Print Management Cloud Not affected
RICOH Streamline NX V2 Not affected
RICOH Streamline NX V3 Not affected
Commercial & Industrial Printing Cut sheet Printers Not affected
Wide Format Printers Not affected
Continuous Feed Not affected
Garment Printer Not affected
Digital Painting Not affected
Commercial & Industrial Printing Software Not affected

List 2: Ricoh products and services affected by this vulnerability

No data


Contact

Please contact your local Ricoh representative or dealer if you have any queries.

History:

2023-02-07T14:00:00+09:00 : 1.06E Updated contents
2022-11-18T18:30:00+09:00 : 1.05E Updated contents
2022-11-01T18:00:00+09:00 : 1.04E Updated contents
2022-10-31T18:00:00+09:00 : 1.03E Updated contents
2022-10-28T19:00:00+09:00 : 1.02E Updated contents
2022-10-27T17:00:00+09:00 : 1.01E Updated contents
2022-10-27T09:40:00+09:00 : 1.00E Initial public release