Product Advisories

Print This PageEmail This Page

Service Notice Update: Measures to be taken against potential vulnerability in RSA Key generation for Canon Enterprise/Small Office Multifunction Printers and Laser Printers/Inkjet Printers

Updated On: October 18, 2022

Thank you for using Canon products.

A potential vulnerability (CVE-2022-26320) has been confirmed by Canon in the RSA key generating process in the cryptographic library mounted on Canon’s Enterprise/Small Office Multifunction Printers and Laser Printers/Inkjet Printers (Affected products are listed below).

The risk of this vulnerability is the possibility of the private key for its RSA public key being exploited by a third party due to the incorrect generation process of the RSA key pair. If the RSA key pair is used for TLS or IPSec, which was generated by the cryptographic library with this vulnerability, the RSA Public Key can be used to guess and possibly decipher captured communications by a third party.

As of the date of this Service Notice Update, Canon has not received any reports that this vulnerability has impacted any Canon products. However, we recommend updating the firmware for the products listed below to the latest version available.

In instances where the RSA key pair had been created by the cryptographic library with this vulnerability, additional steps should be taken after you have upgraded the product’s firmware to the latest version. Depending on the product model, please refer to the steps listed below to check the key and additional corrective measures to be taken. In addition, we do not recommend that Canon products be directly connected to the Internet. When using Canon products, we recommend using a fire wall, a wire connected environment or a securely protected private network environment when using a Wi-Fi router, and we also recommend setting a private IP address.

Affected Products
Canon Enterprise/Small Office Multifunction Printers and Laser Printers/Inkjet Printers that require firmware updating and possible additional corrective action:

imageCLASS:
  • • imageCLASS LBP236dw/LBP237dw
  • • imageCLASS X MF1238 II
  • • imageCLASS X MF1643i II/MF1643iF II
  • • imageCLASS X MF1538C
  • • imageCLASS X LBP1538C

imagePROGRAF:
  • • imagePROGRAF PRO-300
  • • imagePROGRAF GP-200/GP-300
  • • imagePROGRAF GP-2000/GP-4000
  • • imagePROGRAF TZ-30000/TZ-30000 MFP Z36
  • • imagePROGRAF TX-3100/TX-3100 MFP Z36
  • • imagePROGRAF TX-4100/TX-4100 MFP Z36

imageRUNNER ADVANCE/imagePRESS Lite:
  • • imageRUNNER 1643i/1643iF
  • • imageRUNNER 2625/2630/2635/2645
  • • imageRUNNER C3226/C3222
  • • imageRUNNER ADVANCE 4551i/4545i/4535i/4525i
  • • imageRUNNER ADVANCE 4551i II/4545i II/4535i II/4525i II
  • • imageRUNNER ADVANCE 4551i III/4545i III/4535i III/4525i III
  • • imageRUNNER ADVANCE 6575i/6565i/6555i
  • • imageRUNNER ADVANCE 6575i II/6565i II/6555i II
  • • imageRUNNER ADVANCE 6575i III/6565i III/6555i III
  • • imageRUNNER ADVANCE 8505i/8585i/8595i
  • • imageRUNNER ADVANCE 8505i II/8585i II/8595i II
  • • imageRUNNER ADVANCE 8505i III/8585i III/8595i III
  • • imageRUNNER ADVANCE 527iZ/617iZ/717iZ
  • • imageRUNNER ADVANCE 525iF II/525iFZ II/615iF II/615iFZ II/715iF II/715iFZ II
  • • imageRUNNER ADVANCE 525iZ II/615iZ II/715iZ II
  • • imageRUNNER ADVANCE 525iF III/525iFZ III/615iF III/615iFZ III/715iF III/715iFZ III
  • • imageRUNNER ADVANCE 525iZ III/615iZ III/715iZ III
  • • imageRUNNER ADVANCE C3530i/C3525i
  • • imageRUNNER ADVANCE C3530i II/C3525i II
  • • imageRUNNER ADVANCE C3530i III/C3525i III
  • • imageRUNNER ADVANCE C5560i/C5550i/C5540i/C5535i
  • • imageRUNNER ADVANCE C5560i II/C5550i II/C5540i II/C5535i II
  • • imageRUNNER ADVANCE C5560i III/C5550i III/C5540i III/C5535i III
  • • imageRUNNER ADVANCE DX C5760i/C5750i/C5740i/C5735i
  • • imageRUNNER ADVANCE DX C568iF/C568iFZ
  • • imageRUNNER ADVANCE C7580i/C7570i/C7565i
  • • imageRUNNER ADVANCE C7580i II/C7570i II/C7565i II
  • • imageRUNNER ADVANCE C7580i III/C7570i III/C7565i III
  • • imageRUNNER ADVANCE C255iF/C355iF
  • • imageRUNNER ADVANCE C256iF II/C356iF II
  • • imageRUNNER ADVANCE C256iF III/C356iF III
  • • imageRUNNER ADVANCE C475iF III/C475iFZ III
  • • imageRUNNER ADVANCE C475iZ III
  • • imageRUNNER ADVANCE C477iZ
  • • imageRUNNER ADVANCE C478iZ/C568iZ
  • • imageRUNNER ADVANCE DX 4725i/4735i/4745i/4751i
  • • imageRUNNER ADVANCE DX 6765i/6780i
  • • imageRUNNER ADVANCE DX 6870i/6860i
  • • imageRUNNER ADVANCE DX 8705i/8786i/8795i
  • • imageRUNNER ADVANCE DX 6000i
  • • imageRUNNER ADVANCE DX 527iF/527iFZ/617iF/617iFZ/717iF/717iFZ
  • • imageRUNNER ADVANCE DX C3730i/C3725i
  • • imageRUNNER ADVANCE DX C3830i/C3826i/C3835i
  • • imageRUNNER ADVANCE DX C5760i/5750i/5740i/5735i
  • • imageRUNNER ADVANCE DX C5870i/C5860i/C5850i/C5840i
  • • imageRUNNER ADVANCE DX C7780i/C7770i/C7765i
  • • imageRUNNER ADVANCE DX C257iF/C357iF
  • • imageRUNNER ADVANCE DX C568iF/568iFZ
  • • imageRUNNER ADVANCE DX C477iF/C477iFZ
  • • imagePRESS Lite C165/C170

PIXMA:
  • • PIXMA G3160/G3260
  • • PIXMA G610/G620
  • • PIXMA PRO-200
  • • PIXMA TR150/TR152
  • • PIXMA TR4720/TR4722
  • • PIXMA TR7020
  • • PIXMA TR7020a/TR7022a
  • • PIXMA TR8620
  • • PIXMA TR8620a/TR8622a
  • • PIXMA TS3520/TS3522
  • • PIXMA TS5320
  • • PIXMA TS6320
  • • PIXMA TS6420
  • • PIXMA TS6420a
  • • PIXMA TS8320/TS8322

MAXIFY:
  • • MAXIFY GX5010/GX5020
  • • MAXIFY GX6010/GX6020/GX7010/GX7020
  • • MAXIFY GX6021/GX7021

Support
For more information, please review the following link “Securing products when connecting to a network” which can be accessed at: https://www.cla.canon.com/en_US/app/pdf/message-to-our-customers/Connecting-To-Network-Securely.pdf

Links to Instructions for addressing the replacement of affected RSA Keys:


If Canon determines that additional products may be subject to this potential vulnerability, we will inform you on this page.

* Regarding the availability of the firmware upgrades for Canon Enterprise/Small Office Multifunction Printers, please contact your Authorized Servicer in charge of servicing your Canon equipment.

Contact Information
Should you have any questions about the announcement, please contact the Authorized Service Facility in your area or you may contact the Call Center within your region.