Notice of potential vulnerability in RSA key generation
Service Notice Update: Measures to be taken against potential vulnerability in RSA Key generation for Canon Enterprise/Small Office Multifunction Printers and Laser Printers/Inkjet Printers
Updated On: October 18, 2022
Canon has confirmed a potential vulnerability (CVE-2022-26320) in the RSA key generation process of the cryptographic library installed on Canon’s Enterprise/Small Office Multifunction Printers and Laser Printers/Inkjet Printers (affected products are listed below).
Because the RSA key pair is generated incorrectly, there is a risk that the private key corresponding to an RSA public key could be exploited by a third party. If an RSA key pair generated by the cryptographic library with this vulnerability is used for TLS or IPsec, a third party can use the RSA public key to guess the private key and possibly decipher captured communications.
As of the date of this Service Notice Update, Canon has not received any reports that this vulnerability has impacted any Canon products. However, we recommend updating the firmware for the products listed below to the latest version available.
If an RSA key pair was created by the cryptographic library with this vulnerability, additional steps should be taken after you have upgraded the product’s firmware to the latest version. Depending on the product model, please refer to the steps listed below to check the key and take additional corrective measures. In addition, we do not recommend that Canon products be directly connected to the Internet. When using Canon products, we recommend using a firewall, a wired connection, or, when using a Wi-Fi router, a securely protected private network environment, and we also recommend setting a private IP address.
For more information, please review the following link "Securing products when connecting to a network" which can be accessed at: https://global.canon/en/support/security/prd-secu.html
Canon Enterprise/Small Office Multifunction Printers and Laser Printers/Inkjet Printers that require firmware updating and possible additional corrective action:
imageCLASS:
imageCLASS LBP236dw/LBP237dw
imageCLASS X MF1238 II
imageCLASS X MF1643i II/MF1643iF II
imageCLASS X MF1538C
imageCLASS X LBP1538C
imagePROGRAF:
imagePROGRAF PRO-300
imagePROGRAF GP-200/GP-300
imagePROGRAF GP-2000/GP-4000
imagePROGRAF TZ-30000/TZ-30000 MFP Z36
imagePROGRAF TX-3100/TX-3100 MFP Z36
imagePROGRAF TX-4100/TX-4100 MFP Z36
imageRUNNER ADVANCE/imagePRESS Lite:
imageRUNNER 1643i/1643iF
imageRUNNER ADVANCE 4551i/4545i/4535i/4525i
imageRUNNER ADVANCE 4551i II/4545i II/4535i II/4525i II
imageRUNNER ADVANCE 4551i III/4545i III/4535i III/4525i III
imageRUNNER ADVANCE 6575i/6565i/6555i
imageRUNNER ADVANCE 6575i II/6565i II/6555i II
imageRUNNER ADVANCE 6575i III/6565i III/6555i III
imageRUNNER ADVANCE 8505i/8585i/8595i
imageRUNNER ADVANCE 8505i II/8585i II/8595i II
imageRUNNER ADVANCE 8505i III/8585i III/8595i III
imageRUNNER ADVANCE 525iF II/525iFZ II/615iF II/615iFZ II/715iF II/715iFZ II
imageRUNNER ADVANCE 525iF III/525iFZ III/615iF III/615iFZ III/715iF III/715iFZ III
imageRUNNER ADVANCE C3530i/C3525i
imageRUNNER ADVANCE C3530i II/C3525i II
imageRUNNER ADVANCE C3530i III/C3525i III
imageRUNNER ADVANCE C5560i/C5550i/C5540i/C5535i
imageRUNNER ADVANCE C5560i II/C5550i II/C5540i II/C5535i II
imageRUNNER ADVANCE C5560i III/C5550i III/C5540i III/C5535i III
imageRUNNER ADVANCE DX C5760i/C5750i/C5740i/C5735i
imageRUNNER ADVANCE DX C568iF/C568iFZ
imageRUNNER ADVANCE C7580i/C7570i/C7565i
imageRUNNER ADVANCE C7580i II/C7570i II/C7565i II
imageRUNNER ADVANCE C7580i III/C7570i III/C7565i III
imageRUNNER ADVANCE C255iF/C355iF
imageRUNNER ADVANCE C256iF II/C356iF II
imageRUNNER ADVANCE C256iF III/C356iF III
imageRUNNER ADVANCE C475iF III/C475iFZ III
imageRUNNER ADVANCE DX 4725i/4735i/4745i/4751i
imageRUNNER ADVANCE DX 6765i/6780i
imageRUNNER ADVANCE DX 6870i/6860i
imageRUNNER ADVANCE DX 8705i/8786i/8795i
imageRUNNER ADVANCE DX 6000i
imageRUNNER ADVANCE DX 527iF/527iFZ/617iF/617iFZ/717iF/717iFZ
imageRUNNER ADVANCE DX C3730i/C3725i
imageRUNNER ADVANCE DX C3830i/C3826i/C3835i
imageRUNNER ADVANCE DX C5760i/5750i/5740i/5735i
imageRUNNER ADVANCE DX C5870i/C5860i/C5850i/C5840i
imageRUNNER ADVANCE DX C7780i/C7770i/C7765i
imageRUNNER ADVANCE DX C257iF/C357iF
imageRUNNER ADVANCE DX C568iF/568iFZ
imageRUNNER ADVANCE DX C477iF/C477iFZ
imagePRESS Lite C165/C170
PIXMA:
PIXMA G3260
PIXMA G620
PIXMA PRO-200
PIXMA TR150/TR152
PIXMA TR4720/TR4722
PIXMA TR7020
PIXMA TR7020a/TR7022a
PIXMA TR8620
PIXMA TR8620a/TR8622a
PIXMA TS3520/TS3522
PIXMA TS5320
PIXMA TS6320
PIXMA TS6420
PIXMA TS6420a
PIXMA TS8320/TS8322
MAXIFY:
MAXIFY GX5020
MAXIFY GX6020/GX7020
MAXIFY GX6021/GX7021
If Canon determines that additional products may be subject to this potential vulnerability, we will inform you on this page.
*Regarding the availability of the firmware upgrades for Canon Enterprise/Small Office Multifunction Printers, please contact your Authorized Servicer in charge of servicing your Canon equipment.
Links to Instructions for addressing the replacement of affected RSA Keys:
[imageRUNNER ADVANCE DX/imageRUNNER ADVANCE/imagePRESS Lite/imageRUNNER Series/imageCLASS X Series]
Link: Steps to check and take a measure for Enterprise Multifunction Printers
[imagePROGRAF/PIXMA/MAXIFY Series]
Link: Steps to check and take a measure for imagePROGRAF and PIXMA/MAXIFY series Printers