Spring4shell vulnerability
Last updated: 28 April 2022
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. A malicious class file introduced this way can do virtually anything: leak data or secrets, launch other software such as ransomware, mine cryptocurrencies, introduce backdoors or create a stepping stone further into a network.
The goal of this page is to list the Canon Production Printing (CPP) products that may be impacted by the following CVE reports:
- CVE-2022-22947
- CVE-2022-22950
- CVE-2022-22963
- CVE-2022-22965
The tables below give the vulnerability status of the Canon Production Printing hardware and software products listed. Please check back regularly for status updates.
Products assessed and status
CTS – Cutsheet and Toner Systems / Inkjet Sheetfed Press
Products | Status |
PRISMAsync print server based products | Not impacted |
varioPRINT 140 series | Not impacted |
varioPRINT 6000 series | Not impacted |
varioPRINT i-series | Not impacted |
varioPRINT iX-series | Not impacted |
Service Control Station (SCS) for VPi300 series and VPiX series | Not impacted |
Tablet for VPi300 series and VPiX series | Not impacted |
PRISMAsync i300/iX Simulator | Not impacted |
PRISMAprepare V6 | Not impacted |
PRISMAprepare V7 | Not impacted |
PRISMAprepare V8 | Not impacted |
PRISMAdirect V1 | Not impacted |
PRISMAprofiler | Not impacted |
PRISMA Cloud (PRISMA Home, PRISMAprepare Go, PRISMAlytics Accounting) | Not impacted |
PPP – Production Printing Products
Products | Status |
ColorStream 3x00, ColorStream 3x00Z | Not impacted |
ColorStream 6000 | Not impacted |
ColorStream 8000 | Not impacted |
ProStream 1x00 | Not impacted |
LabelStream 4000 series | Not impacted |
ImageStream | Not impacted |
JetStream V1, JetStream V2 | Not impacted |
VarioStream 4000 | Not impacted |
VarioStream 7000 series | Not impacted |
VarioStream 8000 | Not impacted |
PRISMAproduction Server V5 | Not impacted |
PRISMAproduction Host | Not impacted |
PRISMAcontrol | Not impacted |
PRISMAspool | Not impacted |
PRISMAsimulate | New version available * |
TrueProof | Not impacted |
DocSetter | Not impacted |
DPconvert | Not impacted |
* Please contact your local Canon service representative
LFG – Large Format Graphics
Products | Status |
Arizona series | Under investigation |
Colorado series | Not impacted |
ONYX HUB | Under investigation |
ONYX Thrive | Under investigation |
ONYX ProductionHouse | Under investigation |
TDS – Technical Documentation Systems
Products | Status |
TDS series | Not impacted |
PlotWave series | Not impacted |
ColorWave series | Not impacted |
Scanner Professional | Not impacted |
Driver Select, Driver Express, Publisher Mobile | Not impacted |
Publisher Select | Not impacted |
Account Console | Not impacted |
Repro Desk | Not impacted |
Service & Support Tools
Products | Status |
On Remote Service | Not impacted |