Apache Tomcat vulnerability
CVE-2022-25762
Last updated: 12 October 2022
We have assessed the potential impact of Apache Tomcat vulnerability [CVE-2022-25762] on Canon Production Printing (CPP) products and services. If software has been installed in a virtual VMware environment, please check the VMware vendor advisories.
The table below gives the vulnerability status for the Canon Production Printing hardware and software products listed.
Products assessed and status
Cutsheet and Toner Systems / Inkjet Sheetfed Press
| Products | Status |
| PRISMAsync print server based products | Not impacted |
| varioPRINT 140 series | Not impacted |
| varioPRINT 6000 series | Not impacted |
| varioPRINT i-series | Not impacted |
| varioPRINT iX-series | Not impacted |
| Service Control Station (SCS) for VPi300 series and VPiX series | Not impacted |
| Tablet for VPi300 series and VPiX series | Not impacted |
| PRISMAsync i300/iX Simulator | Not impacted |
| PRISMAprepare V6 | Not impacted |
| PRISMAprepare V7 | Not impacted |
| PRISMAprepare V8 | Not impacted |
| PRISMAdirect V1 | Not impacted |
| PRISMAprofiler | Not impacted |
| PRISMAorder
PRISMA Cloud |
Not impacted |
Continuous Printing
| Products | Status |
| ColorStream 3×00 | Impacted, risk analysed to be low (not exposed on external network |
| ColorStream 3x00Z/ColorStream 6000 | Impacted, risk analysed to be low (not exposed on external network) |
| ColorStream 8000 | Fixed from bundle version 19.34.71* |
| ProStream 1×00 | Impacted, risk analysed to be low (not exposed on external network) |
| JetStream V1/JetStream V2 | Not impacted |
| VarioStream 4000 | Not impacted |
| VarioStream 7000 series | Not impacted |
| VarioStream 8000 | Not impacted |
| PRISMAproduction Server V5 | Not impacted |
| PRISMAproduction Host | Not impacted |
| PRISMAsimulate | Impacted |
| PRISMAcontrol | Not impacted |
| TrueProof | Impacted |
* Please contact your local Canon service representative
Large Format Graphics
| Products | Status |
| Arizona series | Not impacted |
| Colorado series | Not impacted |
Technical Documentation Systems
| Products | |
| PlotWave series | The recent software releases of PlotWave products have the latest Tomcat version on board and are therefore not impacted:
– PlotWave 3000/3500/5000/5500/7500 Release 2.1.0.0 – PlotWave 345/365 Release 1.3.0.0 – PlotWave 450/550 Release 1.3.0.0 Impacted, risk analyzed to be very low (not exposed on external network): – PlotWave 750 – PlotWave 900 |
| ColorWave series | The recent software releases of ColorWave products have the latest Tomcat version on board and are therefore not impacted:
– ColorWave 3500/3700 Release 5.2.0.0 – ColorWave 3600/3800 Release 6.1.0.0 – ColorWave 500/700 Release 4.4.0.0 – ColorWave 9000 Release 3.1.0.0 Impacted, risk analyzed to be very low (not exposed on external network): – ColorWave 810/910 |
| Driver Select, Driver Express, Publisher Mobile | Not impacted |
| Publisher Select | Not impacted |
| Account Console | Not impacted |
| Repro Desk | Not impacted |
Service & Support Tools
| Products | Status |
| On Remote Service | Not impacted |
| Technical Service Manual | Not impacted |
| Advisory Dashboard – Analysis & Maintenance | Not impacted |
CVE-2022-25762
