MidnightBSD

Advisories for konicaminolta

CVE-2015-7603 HIGH

Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
konicaminolta ftp_utility 1.0
CVE-2015-7767 HIGH

Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long USER command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
konicaminolta ftp_utility 1.0
CVE-2015-7768 HIGH

Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code via a long CWD command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
konicaminolta ftp_utility 1.0
CVE-2020-37068

Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability in the LIST command that allows attackers to overwrite system registers. Attackers can send an oversized buffer of 1500 'A' characters to crash the FTP server and potentially execute unauthorized code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
disclosure@vulncheck.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
konicaminolta ftp_utility 1.0
CVE-2020-37069

Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability in the NLST command that allows attackers to overwrite system registers. Attackers can send an oversized buffer of 1500 'A' characters to crash the FTP server and potentially execute unauthorized code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
disclosure@vulncheck.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
konicaminolta ftp_utility 1.0
CVE-2021-20868 LOW

Incorrect authorization vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, and bizhub 4752/4052 GC9-X4 and earlier) allows an attacker on the adjacent network to obtain user credentials if external server authentication is enabled via a specific SOAP message sent by an administrative user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.9 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-863,

Products Affected

Vendor Product Version
konicaminolta bizhub_c3351_firmware *
konicaminolta bizhub_226i_firmware *
konicaminolta bizhub_287_firmware *
konicaminolta bizhub_650i_firmware *
konicaminolta bizhub_658e_firmware *
konicaminolta bizhub_308e_firmware *
konicaminolta bizhub_4700i_firmware *
konicaminolta bizhub_266i_firmware *
konicaminolta bizhub_554e_firmware *
konicaminolta bizhub_c554_firmware *
konicaminolta bizhub_368_firmware *
konicaminolta bizhub_c450i_firmware *
konicaminolta bizhub_c284_firmware *
konicaminolta bizhub_c308_firmware *
konicaminolta bizhub_550i_firmware *
konicaminolta bizhub_c287_firmware *
konicaminolta bizhub_750i_firmware *
konicaminolta bizhub_c227i_firmware *
konicaminolta bizhub_558e_firmware *
konicaminolta bizhub_454e_firmware *
konicaminolta bizhub_808_firmware *
konicaminolta bizhub_c3300i_firmware *
konicaminolta bizhub_c364e_firmware *
konicaminolta bizhub_c654_firmware *
konicaminolta bizhub_4750i_firmware *
konicaminolta bizhub_c3320i_firmware *
konicaminolta bizhub_754e_firmware *
konicaminolta bizhub_c4050i_firmware *
konicaminolta bizhub_c287i_firmware *
konicaminolta bizhub_c754_firmware *
konicaminolta bizhub_c258_firmware *
konicaminolta bizhub_300i_firmware *
konicaminolta bizhub_c368_firmware *
konicaminolta bizhub_c554e_firmware *
konicaminolta bizhub_450i_firmware *
konicaminolta bizhub_4050i_firmware *
konicaminolta bizhub_360i_firmware *
konicaminolta bizhub_224e_firmware *
konicaminolta bizhub_c3851fs_firmware *
konicaminolta bizhub_c284e_firmware *
konicaminolta bizhub_c224_firmware *
konicaminolta bizhub_368e_firmware *
konicaminolta bizhub_c550i_firmware *
konicaminolta bizhub_c650i_firmware *
konicaminolta bizhub_c257i_firmware *
konicaminolta bizhub_558_firmware *
konicaminolta bizhub_c364_firmware *
konicaminolta bizhub_c3350i_firmware *
konicaminolta bizhub_958_firmware *
konicaminolta bizhub_c759_firmware *
konicaminolta bizhub_c454e_firmware *
konicaminolta bizhub_c454_firmware *
konicaminolta bizhub_758_firmware *
konicaminolta bizhub_c360i_firmware *
konicaminolta bizhub_c750i_firmware *
konicaminolta bizhub_654e_firmware *
konicaminolta bizhub_c558_firmware *
konicaminolta bizhub_4752_firmware *
konicaminolta bizhub_754_firmware *
konicaminolta bizhub_c227_firmware *
konicaminolta bizhub_246i_firmware *
konicaminolta bizhub_c754e_firmware *
konicaminolta bizhub_4052_firmware *
konicaminolta bizhub_308_firmware *
konicaminolta bizhub_c658_firmware *
konicaminolta bizhub_654_firmware *
konicaminolta bizhub_c659_firmware *
konicaminolta bizhub_306i_firmware *
konicaminolta bizhub_458e_firmware *
konicaminolta bizhub_c458_firmware *
konicaminolta bizhub_227_firmware *
konicaminolta bizhub_458_firmware *
konicaminolta bizhub_c250i_firmware *
konicaminolta bizhub_c300i_firmware *
konicaminolta bizhub_c3851_firmware *
konicaminolta bizhub_364e_firmware *
konicaminolta bizhub_c654e_firmware *
konicaminolta bizhub_284e_firmware *
konicaminolta bizhub_c4000i_firmware *
konicaminolta bizhub_c224e_firmware *
CVE-2021-20869 LOW

Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, and bizhub 4752/4052 GC9-X4 and earlier) allows an attacker on the adjacent network to obtain some of user credentials if LDAP server authentication is enabled via a specific SOAP message.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
konicaminolta bizhub_c3351_firmware *
konicaminolta bizhub_226i_firmware *
konicaminolta bizhub_287_firmware *
konicaminolta bizhub_650i_firmware *
konicaminolta bizhub_658e_firmware *
konicaminolta bizhub_308e_firmware *
konicaminolta bizhub_4700i_firmware *
konicaminolta bizhub_266i_firmware *
konicaminolta bizhub_554e_firmware *
konicaminolta bizhub_c554_firmware *
konicaminolta bizhub_368_firmware *
konicaminolta bizhub_c450i_firmware *
konicaminolta bizhub_c284_firmware *
konicaminolta bizhub_c308_firmware *
konicaminolta bizhub_550i_firmware *
konicaminolta bizhub_c287_firmware *
konicaminolta bizhub_750i_firmware *
konicaminolta bizhub_c227i_firmware *
konicaminolta bizhub_558e_firmware *
konicaminolta bizhub_454e_firmware *
konicaminolta bizhub_808_firmware *
konicaminolta bizhub_c3300i_firmware *
konicaminolta bizhub_c364e_firmware *
konicaminolta bizhub_c654_firmware *
konicaminolta bizhub_4750i_firmware *
konicaminolta bizhub_c3320i_firmware *
konicaminolta bizhub_754e_firmware *
konicaminolta bizhub_c4050i_firmware *
konicaminolta bizhub_c287i_firmware *
konicaminolta bizhub_c754_firmware *
konicaminolta bizhub_c258_firmware *
konicaminolta bizhub_300i_firmware *
konicaminolta bizhub_c368_firmware *
konicaminolta bizhub_c554e_firmware *
konicaminolta bizhub_450i_firmware *
konicaminolta bizhub_4050i_firmware *
konicaminolta bizhub_360i_firmware *
konicaminolta bizhub_224e_firmware *
konicaminolta bizhub_c3851fs_firmware *
konicaminolta bizhub_c284e_firmware *
konicaminolta bizhub_c224_firmware *
konicaminolta bizhub_368e_firmware *
konicaminolta bizhub_c550i_firmware *
konicaminolta bizhub_c650i_firmware *
konicaminolta bizhub_c257i_firmware *
konicaminolta bizhub_558_firmware *
konicaminolta bizhub_c364_firmware *
konicaminolta bizhub_c3350i_firmware *
konicaminolta bizhub_958_firmware *
konicaminolta bizhub_c759_firmware *
konicaminolta bizhub_c454e_firmware *
konicaminolta bizhub_c454_firmware *
konicaminolta bizhub_758_firmware *
konicaminolta bizhub_c360i_firmware *
konicaminolta bizhub_c750i_firmware *
konicaminolta bizhub_654e_firmware *
konicaminolta bizhub_c558_firmware *
konicaminolta bizhub_4752_firmware *
konicaminolta bizhub_754_firmware *
konicaminolta bizhub_c227_firmware *
konicaminolta bizhub_246i_firmware *
konicaminolta bizhub_c754e_firmware *
konicaminolta bizhub_4052_firmware *
konicaminolta bizhub_308_firmware *
konicaminolta bizhub_c658_firmware *
konicaminolta bizhub_654_firmware *
konicaminolta bizhub_c659_firmware *
konicaminolta bizhub_306i_firmware *
konicaminolta bizhub_458e_firmware *
konicaminolta bizhub_c458_firmware *
konicaminolta bizhub_227_firmware *
konicaminolta bizhub_458_firmware *
konicaminolta bizhub_c250i_firmware *
konicaminolta bizhub_c300i_firmware *
konicaminolta bizhub_c3851_firmware *
konicaminolta bizhub_364e_firmware *
konicaminolta bizhub_c654e_firmware *
konicaminolta bizhub_284e_firmware *
konicaminolta bizhub_c4000i_firmware *
konicaminolta bizhub_c224e_firmware *
CVE-2021-20870 LOW

Improper handling of exceptional conditions vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, bizhub 4752/4052 GC9-X4 and earlier, bizhub C3850/C3350/3850FS, bizhub 4750/4050, bizhub C3110, bizhub C3100P) allows a physical attacker to obtain unsent scanned image data when scanned data transmission is stopped due to the network error by ejecting a HDD before the scan job times out.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 0.9 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-755,

Products Affected

Vendor Product Version
konicaminolta bizhub_c3351_firmware *
konicaminolta bizhub_226i_firmware *
konicaminolta bizhub_287_firmware *
konicaminolta bizhub_650i_firmware *
konicaminolta bizhub_658e_firmware *
konicaminolta bizhub_308e_firmware *
konicaminolta bizhub_4700i_firmware *
konicaminolta bizhub_266i_firmware *
konicaminolta bizhub_554e_firmware *
konicaminolta bizhub_c554_firmware *
konicaminolta bizhub_368_firmware *
konicaminolta bizhub_c450i_firmware *
konicaminolta bizhub_c284_firmware *
konicaminolta bizhub_c308_firmware *
konicaminolta bizhub_550i_firmware *
konicaminolta bizhub_c287_firmware *
konicaminolta bizhub_750i_firmware *
konicaminolta bizhub_c227i_firmware *
konicaminolta bizhub_558e_firmware *
konicaminolta bizhub_454e_firmware *
konicaminolta bizhub_c3850fs_firmware -
konicaminolta bizhub_808_firmware *
konicaminolta bizhub_c3110_firmware -
konicaminolta bizhub_c3300i_firmware *
konicaminolta bizhub_c364e_firmware *
konicaminolta bizhub_c654_firmware *
konicaminolta bizhub_4750i_firmware *
konicaminolta bizhub_c3320i_firmware *
konicaminolta bizhub_c3100p_firmware -
konicaminolta bizhub_754e_firmware *
konicaminolta bizhub_c4050i_firmware *
konicaminolta bizhub_c287i_firmware *
konicaminolta bizhub_c754_firmware *
konicaminolta bizhub_c258_firmware *
konicaminolta bizhub_300i_firmware *
konicaminolta bizhub_c368_firmware *
konicaminolta bizhub_c554e_firmware *
konicaminolta bizhub_c3350_firmware -
konicaminolta bizhub_450i_firmware *
konicaminolta bizhub_4050i_firmware *
konicaminolta bizhub_360i_firmware *
konicaminolta bizhub_c3850_firmware -
konicaminolta bizhub_224e_firmware *
konicaminolta bizhub_c3851fs_firmware *
konicaminolta bizhub_c284e_firmware *
konicaminolta bizhub_c224_firmware *
konicaminolta bizhub_368e_firmware *
konicaminolta bizhub_c550i_firmware *
konicaminolta bizhub_c650i_firmware *
konicaminolta bizhub_c257i_firmware *
konicaminolta bizhub_558_firmware *
konicaminolta bizhub_c364_firmware *
konicaminolta bizhub_c3350i_firmware *
konicaminolta bizhub_958_firmware *
konicaminolta bizhub_c759_firmware *
konicaminolta bizhub_c454e_firmware *
konicaminolta bizhub_c454_firmware *
konicaminolta bizhub_758_firmware *
konicaminolta bizhub_c360i_firmware *
konicaminolta bizhub_c750i_firmware *
konicaminolta bizhub_654e_firmware *
konicaminolta bizhub_c558_firmware *
konicaminolta bizhub_4752_firmware *
konicaminolta bizhub_754_firmware *
konicaminolta bizhub_c227_firmware *
konicaminolta bizhub_246i_firmware *
konicaminolta bizhub_c754e_firmware *
konicaminolta bizhub_4052_firmware *
konicaminolta bizhub_308_firmware *
konicaminolta bizhub_c658_firmware *
konicaminolta bizhub_654_firmware *
konicaminolta bizhub_c659_firmware *
konicaminolta bizhub_306i_firmware *
konicaminolta bizhub_458e_firmware *
konicaminolta bizhub_c458_firmware *
konicaminolta bizhub_227_firmware *
konicaminolta bizhub_458_firmware *
konicaminolta bizhub_c250i_firmware *
konicaminolta bizhub_c300i_firmware *
konicaminolta bizhub_c3851_firmware *
konicaminolta bizhub_4750_firmware -
konicaminolta bizhub_4050_firmware -
konicaminolta bizhub_364e_firmware *
konicaminolta bizhub_c654e_firmware *
konicaminolta bizhub_284e_firmware *
konicaminolta bizhub_c4000i_firmware *
konicaminolta bizhub_c224e_firmware *
CVE-2021-20871 LOW

Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, and bizhub 4752/4052 GC9-X4 and earlier) allows an attacker on the adjacent network to obtain the credentials if the destination information including credentials are registered in the address book via a specific SOAP message.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
konicaminolta bizhub_c3351_firmware *
konicaminolta bizhub_226i_firmware *
konicaminolta bizhub_287_firmware *
konicaminolta bizhub_650i_firmware *
konicaminolta bizhub_658e_firmware *
konicaminolta bizhub_308e_firmware *
konicaminolta bizhub_4700i_firmware *
konicaminolta bizhub_266i_firmware *
konicaminolta bizhub_554e_firmware *
konicaminolta bizhub_c554_firmware *
konicaminolta bizhub_368_firmware *
konicaminolta bizhub_c450i_firmware *
konicaminolta bizhub_c284_firmware *
konicaminolta bizhub_c308_firmware *
konicaminolta bizhub_550i_firmware *
konicaminolta bizhub_c287_firmware *
konicaminolta bizhub_750i_firmware *
konicaminolta bizhub_c227i_firmware *
konicaminolta bizhub_558e_firmware *
konicaminolta bizhub_454e_firmware *
konicaminolta bizhub_808_firmware *
konicaminolta bizhub_c3300i_firmware *
konicaminolta bizhub_c364e_firmware *
konicaminolta bizhub_c654_firmware *
konicaminolta bizhub_4750i_firmware *
konicaminolta bizhub_c3320i_firmware *
konicaminolta bizhub_754e_firmware *
konicaminolta bizhub_c4050i_firmware *
konicaminolta bizhub_c287i_firmware *
konicaminolta bizhub_c754_firmware *
konicaminolta bizhub_c258_firmware *
konicaminolta bizhub_300i_firmware *
konicaminolta bizhub_c368_firmware *
konicaminolta bizhub_c554e_firmware *
konicaminolta bizhub_450i_firmware *
konicaminolta bizhub_4050i_firmware *
konicaminolta bizhub_360i_firmware *
konicaminolta bizhub_224e_firmware *
konicaminolta bizhub_c3851fs_firmware *
konicaminolta bizhub_c284e_firmware *
konicaminolta bizhub_c224_firmware *
konicaminolta bizhub_368e_firmware *
konicaminolta bizhub_c550i_firmware *
konicaminolta bizhub_c650i_firmware *
konicaminolta bizhub_c257i_firmware *
konicaminolta bizhub_558_firmware *
konicaminolta bizhub_c364_firmware *
konicaminolta bizhub_c3350i_firmware *
konicaminolta bizhub_958_firmware *
konicaminolta bizhub_c759_firmware *
konicaminolta bizhub_c454e_firmware *
konicaminolta bizhub_c454_firmware *
konicaminolta bizhub_758_firmware *
konicaminolta bizhub_c360i_firmware *
konicaminolta bizhub_c750i_firmware *
konicaminolta bizhub_654e_firmware *
konicaminolta bizhub_c558_firmware *
konicaminolta bizhub_4752_firmware *
konicaminolta bizhub_754_firmware *
konicaminolta bizhub_c227_firmware *
konicaminolta bizhub_246i_firmware *
konicaminolta bizhub_c754e_firmware *
konicaminolta bizhub_4052_firmware *
konicaminolta bizhub_308_firmware *
konicaminolta bizhub_c658_firmware *
konicaminolta bizhub_654_firmware *
konicaminolta bizhub_c659_firmware *
konicaminolta bizhub_306i_firmware *
konicaminolta bizhub_458e_firmware *
konicaminolta bizhub_c458_firmware *
konicaminolta bizhub_227_firmware *
konicaminolta bizhub_458_firmware *
konicaminolta bizhub_c250i_firmware *
konicaminolta bizhub_c300i_firmware *
konicaminolta bizhub_c3851_firmware *
konicaminolta bizhub_364e_firmware *
konicaminolta bizhub_c654e_firmware *
konicaminolta bizhub_284e_firmware *
konicaminolta bizhub_c4000i_firmware *
konicaminolta bizhub_c224e_firmware *
CVE-2021-20872 MEDIUM

Protection mechanism failure vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, bizhub 4752/4052 GC9-X4 and earlier) allows a physical attacker to bypass the firmware integrity verification and to install malicious firmware.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
konicaminolta bizhub_c3351_firmware *
konicaminolta bizhub_287_firmware *
konicaminolta bizhub_658e_firmware *
konicaminolta bizhub_308e_firmware *
konicaminolta bizhub_554e_firmware *
konicaminolta bizhub_c554_firmware *
konicaminolta bizhub_368_firmware *
konicaminolta bizhub_c284_firmware *
konicaminolta bizhub_c308_firmware *
konicaminolta bizhub_c287_firmware *
konicaminolta bizhub_558e_firmware *
konicaminolta bizhub_454e_firmware *
konicaminolta bizhub_808_firmware *
konicaminolta bizhub_c364e_firmware *
konicaminolta bizhub_c654_firmware *
konicaminolta bizhub_754e_firmware *
konicaminolta bizhub_c754_firmware *
konicaminolta bizhub_c258_firmware *
konicaminolta bizhub_c368_firmware *
konicaminolta bizhub_c554e_firmware *
konicaminolta bizhub_224e_firmware *
konicaminolta bizhub_c3851fs_firmware *
konicaminolta bizhub_c284e_firmware *
konicaminolta bizhub_c224_firmware *
konicaminolta bizhub_368e_firmware *
konicaminolta bizhub_558_firmware *
konicaminolta bizhub_c364_firmware *
konicaminolta bizhub_958_firmware *
konicaminolta bizhub_c759_firmware *
konicaminolta bizhub_c454e_firmware *
konicaminolta bizhub_c454_firmware *
konicaminolta bizhub_758_firmware *
konicaminolta bizhub_654e_firmware *
konicaminolta bizhub_c558_firmware *
konicaminolta bizhub_4752_firmware *
konicaminolta bizhub_754_firmware *
konicaminolta bizhub_c227_firmware *
konicaminolta bizhub_c754e_firmware *
konicaminolta bizhub_4052_firmware *
konicaminolta bizhub_308_firmware *
konicaminolta bizhub_c658_firmware *
konicaminolta bizhub_654_firmware *
konicaminolta bizhub_c659_firmware *
konicaminolta bizhub_458e_firmware *
konicaminolta bizhub_c458_firmware *
konicaminolta bizhub_227_firmware *
konicaminolta bizhub_458_firmware *
konicaminolta bizhub_c3851_firmware *
konicaminolta bizhub_364e_firmware *
konicaminolta bizhub_c654e_firmware *
konicaminolta bizhub_284e_firmware *
konicaminolta bizhub_c224e_firmware *
CVE-2022-29586 MEDIUM

Konica Minolta bizhub MFP devices before 2022-04-14 allow a Sandbox Escape. An attacker must attach a keyboard to a USB port, press F12, and then escape from the kiosk mode.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 0.7 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
konicaminolta bizhub_c3351_firmware *
konicaminolta bizhub_226i_firmware *
konicaminolta bizhub_287_firmware *
konicaminolta bizhub_c3851fs_firmware *
konicaminolta bizhub_658e_firmware *
konicaminolta bizhub_368e_firmware *
konicaminolta bizhub_c550i_firmware *
konicaminolta bizhub_c650i_firmware *
konicaminolta bizhub_308e_firmware *
konicaminolta bizhub_558_firmware *
konicaminolta bizhub_368_firmware *
konicaminolta bizhub_c3350i_firmware *
konicaminolta bizhub_c450i_firmware *
konicaminolta bizhub_958_firmware *
konicaminolta bizhub_c308_firmware *
konicaminolta bizhub_c759_firmware *
konicaminolta bizhub_758_firmware *
konicaminolta bizhub_c287_firmware *
konicaminolta bizhub_c360i_firmware *
konicaminolta bizhub_558e_firmware *
konicaminolta bizhub_pro958_firmware *
konicaminolta bizhub_367_firmware *
konicaminolta bizhub_808_firmware *
konicaminolta bizhub_c558_firmware *
konicaminolta bizhub_4752_firmware *
konicaminolta bizhub_c3300i_firmware *
konicaminolta bizhub_c227_firmware *
konicaminolta bizhub_246i_firmware *
konicaminolta bizhub_4052_firmware *
konicaminolta bizhub_308_firmware *
konicaminolta bizhub_c658_firmware *
konicaminolta bizhub_c659_firmware *
konicaminolta bizhub_306i_firmware *
konicaminolta bizhub_458e_firmware *
konicaminolta bizhub_c3320i_firmware *
konicaminolta bizhub_c458_firmware *
konicaminolta bizhub_227_firmware *
konicaminolta bizhub_458_firmware *
konicaminolta bizhub_c250i_firmware *
konicaminolta bizhub_c4050i_firmware *
konicaminolta bizhub_c300i_firmware *
konicaminolta bizhub_c258_firmware *
konicaminolta bizhub_c3851_firmware *
konicaminolta bizhub_c368_firmware *
konicaminolta bizhub_c4000i_firmware *
CVE-2022-29587 MEDIUM

Konica Minolta bizhub MFP devices before 2022-04-14 have an internal Chromium browser that executes with root (aka superuser) access privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.0 MEDIUM CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 0.4 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
konicaminolta bizhub_c3351_firmware *
konicaminolta bizhub_226i_firmware *
konicaminolta bizhub_287_firmware *
konicaminolta bizhub_c3851fs_firmware *
konicaminolta bizhub_658e_firmware *
konicaminolta bizhub_368e_firmware *
konicaminolta bizhub_c550i_firmware *
konicaminolta bizhub_c650i_firmware *
konicaminolta bizhub_308e_firmware *
konicaminolta bizhub_558_firmware *
konicaminolta bizhub_368_firmware *
konicaminolta bizhub_c3350i_firmware *
konicaminolta bizhub_c450i_firmware *
konicaminolta bizhub_958_firmware *
konicaminolta bizhub_c308_firmware *
konicaminolta bizhub_c759_firmware *
konicaminolta bizhub_758_firmware *
konicaminolta bizhub_c287_firmware *
konicaminolta bizhub_c360i_firmware *
konicaminolta bizhub_558e_firmware *
konicaminolta bizhub_pro958_firmware *
konicaminolta bizhub_367_firmware *
konicaminolta bizhub_808_firmware *
konicaminolta bizhub_c558_firmware *
konicaminolta bizhub_4752_firmware *
konicaminolta bizhub_c3300i_firmware *
konicaminolta bizhub_c227_firmware *
konicaminolta bizhub_246i_firmware *
konicaminolta bizhub_4052_firmware *
konicaminolta bizhub_308_firmware *
konicaminolta bizhub_c658_firmware *
konicaminolta bizhub_c659_firmware *
konicaminolta bizhub_306i_firmware *
konicaminolta bizhub_458e_firmware *
konicaminolta bizhub_c3320i_firmware *
konicaminolta bizhub_c458_firmware *
konicaminolta bizhub_227_firmware *
konicaminolta bizhub_458_firmware *
konicaminolta bizhub_c250i_firmware *
konicaminolta bizhub_c4050i_firmware *
konicaminolta bizhub_c300i_firmware *
konicaminolta bizhub_c258_firmware *
konicaminolta bizhub_c3851_firmware *
konicaminolta bizhub_c368_firmware *
konicaminolta bizhub_c4000i_firmware *
CVE-2022-29588 MEDIUM

Konica Minolta bizhub MFP devices before 2022-04-14 use cleartext password storage for the /var/log/nginx/html/ADMINPASS and /etc/shadow files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
konicaminolta bizhub_c3351_firmware *
konicaminolta bizhub_226i_firmware *
konicaminolta bizhub_287_firmware *
konicaminolta bizhub_c3851fs_firmware *
konicaminolta bizhub_658e_firmware *
konicaminolta bizhub_368e_firmware *
konicaminolta bizhub_c550i_firmware *
konicaminolta bizhub_c650i_firmware *
konicaminolta bizhub_308e_firmware *
konicaminolta bizhub_558_firmware *
konicaminolta bizhub_368_firmware *
konicaminolta bizhub_c3350i_firmware *
konicaminolta bizhub_c450i_firmware *
konicaminolta bizhub_958_firmware *
konicaminolta bizhub_c308_firmware *
konicaminolta bizhub_c759_firmware *
konicaminolta bizhub_758_firmware *
konicaminolta bizhub_c287_firmware *
konicaminolta bizhub_c360i_firmware *
konicaminolta bizhub_558e_firmware *
konicaminolta bizhub_pro958_firmware *
konicaminolta bizhub_367_firmware *
konicaminolta bizhub_808_firmware *
konicaminolta bizhub_c558_firmware *
konicaminolta bizhub_4752_firmware *
konicaminolta bizhub_c3300i_firmware *
konicaminolta bizhub_c227_firmware *
konicaminolta bizhub_246i_firmware *
konicaminolta bizhub_4052_firmware *
konicaminolta bizhub_308_firmware *
konicaminolta bizhub_c658_firmware *
konicaminolta bizhub_c659_firmware *
konicaminolta bizhub_306i_firmware *
konicaminolta bizhub_458e_firmware *
konicaminolta bizhub_c3320i_firmware *
konicaminolta bizhub_c458_firmware *
konicaminolta bizhub_227_firmware *
konicaminolta bizhub_458_firmware *
konicaminolta bizhub_c250i_firmware *
konicaminolta bizhub_c4050i_firmware *
konicaminolta bizhub_c300i_firmware *
konicaminolta bizhub_c258_firmware *
konicaminolta bizhub_c3851_firmware *
konicaminolta bizhub_c368_firmware *
konicaminolta bizhub_c4000i_firmware *
CVE-2025-5884 MEDIUM

A vulnerability, which was classified as problematic, was found in Konica Minolta bizhub up to 20250202. This affects an unknown part of the component Display MFP Information List. The manipulation of the argument Model Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 3.5 LOW CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N 2.1 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-94,

Products Affected

Vendor Product Version
konicaminolta bizhub *
CVE-2025-5885 MEDIUM

A vulnerability has been found in Konica Minolta bizhub up to 20250202 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,CWE-862,CWE-352,

Products Affected

Vendor Product Version
konicaminolta bizhub *