Spring4shell vulnerability

Last updated: 28 April 2022

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. The malicious class file can do virtually anything: leak data or secrets, launch other software such as ransomware, mine cryptocurrencies, introduce backdoors or create a steppingstone further into a network.

The goal of this page is to list the Canon Production Printing (CPP) products that may be impacted by the following CVE reports:

  • CVE-2022-22947
  • CVE-2022-22950
  • CVE-2022-22963
  • CVE-2022-22965

The table below gives the vulnerability status for the Canon Production Printing hardware and software products listed. Please check back regularly to be informed regarding the updated status.

Products assessed and status

CTS – Cutsheet and Toner Systems / Inkjet Sheetfed Press

Products Status
PRISMAsync print server based products  Not impacted
varioPRINT 140 series Not impacted
varioPRINT 6000 series Not impacted
varioPRINT i-series Not impacted
varioPRINT iX-series Not impacted
Service Control Station (SCS) for VPi300 series and VPiX  series Not impacted
Tablet for VPi300 series and VPiX series Not impacted
PRISMAsync i300/iX Simulator Not impacted
PRISMAprepare V6 Not impacted
PRISMAprepare V7 Not impacted
PRISMAprepare V8 Not impacted
PRISMAdirect V1 Not impacted
PRISMAprofiler Not impacted
PRISMA Cloud

PRISMA Home

PRISMAprepare Go

PRISMAlytics Accounting

Not impacted

 

PPP – Production Printing Products

Products Status
ColorStream 3×00

ColorStream 3x00Z

Not impacted
Colorstream 6000 Not impacted
ColorStream 8000 Not impacted
ProStream 1×00 Not impacted
LabelStream 4000 series Not impacted
ImageStream Not impacted
JetStream V1

JetStream V2

Not impacted
VarioStream 4000 Not impacted
VarioStream 4000 Not impacted
VarioStream 7000 series Not impacted
VarioStream 8000 Not impacted
PRISMAproduction Server V5 Not impacted
PRISMAproduction Host Not impacted
PRISMAcontrol Not impacted
PRISMAspool Not impacted
PRISMAsimulate New version available *
TrueProof Not impacted
DocSetter Not impacted
DPconvert Not impacted

* Please contact your local Canon service representative

 

LFG – Large Format Graphics

Products Status
Arizona series under investigation
Colorado series Not impacted
ONYX HUB under investigation
ONYX Thrive under investigation
ONYX ProductionHouse under investigation

 

TDS – Technical Documentation Systems

Products Status
TDS series Not impacted
PlotWave series Not impacted
ColorWave series Not impacted
Scanner Professional Not impacted
Driver Select, Driver Express, Publisher Mobile Not impacted
Publisher Select Not impacted
Account Console Not impacted
Repro Desk Not impacted

 

Service & Support Tools

Products Status
On Remote Service Not impacted



Related Posts