Search

Find a vulnerability

Search criteria

    5 vulnerabilities by KONICA MINOLTA JAPAN, INC.

    CVE-2026-50100 (GCVE-0-2026-50100)

    Vulnerability from nvd – Published: 2026-06-15 08:07 – Updated: 2026-06-16 03:56
    VLAI
    Summary
    Multiple printer drivers provided by Ricoh Company, Ltd. and KONICA MINOLTA JAPAN, INC. contain a privilege escalation vulnerability. If this vulnerability is exploited, an attacker who can log in to a computer running an affected printer driver could elevate privileges by using a specially crafted driver.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Vendor Product Version
    Ricoh Company, Ltd. Multiple printer drivers Affected: see the information provided by the vendor
    Create a notification for this product.
    KONICA MINOLTA JAPAN, INC. Multiple printer drivers Affected: see the information provided by the vendor
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50100",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-15T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-16T03:56:04.262Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple printer drivers",
              "vendor": "Ricoh Company, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see the information provided by the vendor"
                }
              ]
            },
            {
              "product": "Multiple printer drivers",
              "vendor": "KONICA MINOLTA JAPAN, INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see the information provided by the vendor"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple printer drivers provided by Ricoh Company, Ltd. and KONICA MINOLTA JAPAN, INC. contain a privilege escalation vulnerability. If this vulnerability is exploited, an attacker who can log in to a computer running an affected printer driver could elevate privileges by using a specially crafted driver."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "Uncontrolled Search Path Element",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-15T08:07:48.676Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000002"
            },
            {
              "url": "https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2025-000002"
            },
            {
              "url": "https://www.konicaminolta.jp/business/support/important/260615_01_01.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN55319858/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-50100",
        "datePublished": "2026-06-15T08:07:48.676Z",
        "dateReserved": "2026-06-09T04:19:48.755Z",
        "dateUpdated": "2026-06-16T03:56:04.262Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41393 (GCVE-0-2025-41393)

    Vulnerability from nvd – Published: 2025-05-12 08:04 – Updated: 2025-07-14 06:23
    VLAI
    Summary
    Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Monitor. As for the details of affected product names and versions, refer to the information provided by the vendors under [References].
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site scripting (XSS)
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41393",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-12T14:28:46.670592Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T14:29:23.249Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple laser printers and MFPs which implement Web Image Monitor",
              "vendor": "Ricoh Company, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see the information provided by the vendor"
                }
              ]
            },
            {
              "product": "Multiple MFPs which implement Web Image Monitor",
              "vendor": "KONICA MINOLTA JAPAN, INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see the information provided by the vendor"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Monitor. As for the details of affected product names and versions, refer to the information provided by the vendors under [References]."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site scripting (XSS)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-14T06:23:13.218Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000001"
            },
            {
              "url": "https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2025-000001"
            },
            {
              "url": "https://www.konicaminolta.jp/business/support/important/250714_01_01.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN20474768/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-41393",
        "datePublished": "2025-05-12T08:04:39.693Z",
        "dateReserved": "2025-05-01T06:24:40.467Z",
        "dateUpdated": "2025-07-14T06:23:13.218Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-50100 (GCVE-0-2026-50100)

    Vulnerability from cvelistv5 – Published: 2026-06-15 08:07 – Updated: 2026-06-16 03:56
    VLAI
    Summary
    Multiple printer drivers provided by Ricoh Company, Ltd. and KONICA MINOLTA JAPAN, INC. contain a privilege escalation vulnerability. If this vulnerability is exploited, an attacker who can log in to a computer running an affected printer driver could elevate privileges by using a specially crafted driver.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Vendor Product Version
    Ricoh Company, Ltd. Multiple printer drivers Affected: see the information provided by the vendor
    Create a notification for this product.
    KONICA MINOLTA JAPAN, INC. Multiple printer drivers Affected: see the information provided by the vendor
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50100",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-15T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-16T03:56:04.262Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple printer drivers",
              "vendor": "Ricoh Company, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see the information provided by the vendor"
                }
              ]
            },
            {
              "product": "Multiple printer drivers",
              "vendor": "KONICA MINOLTA JAPAN, INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see the information provided by the vendor"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple printer drivers provided by Ricoh Company, Ltd. and KONICA MINOLTA JAPAN, INC. contain a privilege escalation vulnerability. If this vulnerability is exploited, an attacker who can log in to a computer running an affected printer driver could elevate privileges by using a specially crafted driver."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "Uncontrolled Search Path Element",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-15T08:07:48.676Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000002"
            },
            {
              "url": "https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2025-000002"
            },
            {
              "url": "https://www.konicaminolta.jp/business/support/important/260615_01_01.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN55319858/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2026-50100",
        "datePublished": "2026-06-15T08:07:48.676Z",
        "dateReserved": "2026-06-09T04:19:48.755Z",
        "dateUpdated": "2026-06-16T03:56:04.262Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-41393 (GCVE-0-2025-41393)

    Vulnerability from cvelistv5 – Published: 2025-05-12 08:04 – Updated: 2025-07-14 06:23
    VLAI
    Summary
    Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Monitor. As for the details of affected product names and versions, refer to the information provided by the vendors under [References].
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site scripting (XSS)
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41393",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-12T14:28:46.670592Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T14:29:23.249Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Multiple laser printers and MFPs which implement Web Image Monitor",
              "vendor": "Ricoh Company, Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see the information provided by the vendor"
                }
              ]
            },
            {
              "product": "Multiple MFPs which implement Web Image Monitor",
              "vendor": "KONICA MINOLTA JAPAN, INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see the information provided by the vendor"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Monitor. As for the details of affected product names and versions, refer to the information provided by the vendors under [References]."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site scripting (XSS)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-14T06:23:13.218Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000001"
            },
            {
              "url": "https://jp.ricoh.com/security/products/vulnerabilities/vul?id=ricoh-2025-000001"
            },
            {
              "url": "https://www.konicaminolta.jp/business/support/important/250714_01_01.html"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN20474768/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-41393",
        "datePublished": "2025-05-12T08:04:39.693Z",
        "dateReserved": "2025-05-01T06:24:40.467Z",
        "dateUpdated": "2025-07-14T06:23:13.218Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2026-000085

    Vulnerability from jvndb - Published: 2026-06-15 15:30 - Updated:2026-06-15 15:30
    Severity
    Summary
    Privilege escalation vulnerability in multiple RICOH and KONICA MINOLTA JAPAN printer drivers
    Details
    Multiple printer drivers provided by RICOH and KONICA MINOLTA JAPAN contain the following vulnerability:
    • Privilege escalation (CWE-427) - CVE-2026-50100
    Ricoh Company, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd. coordinated under the Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000085.html",
      "dc:date": "2026-06-15T15:30+09:00",
      "dcterms:issued": "2026-06-15T15:30+09:00",
      "dcterms:modified": "2026-06-15T15:30+09:00",
      "description": "Multiple printer drivers provided by RICOH and KONICA MINOLTA JAPAN contain the following vulnerability:\u003ca href=\u0027https://cwe.mitre.org/data/definitions/427.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003ePrivilege escalation (CWE-427) - CVE-2026-50100\u003c/li\u003e\u003c/ul\u003eRicoh Company, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd. coordinated under the Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000085.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:misc:konicaminolta_multiple_product",
          "@product": "(multiple product)",
          "@vendor": "KONICA MINOLTA JAPAN, INC.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:ricoh:multiple_product",
          "@product": "(multiple product)",
          "@vendor": "Ricoh Co., Ltd",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "7.8",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2026-000085",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN55319858/index.html",
          "@id": "JVN#55319858",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2026-50100",
          "@id": "CVE-2026-50100",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Privilege escalation vulnerability in multiple RICOH and KONICA MINOLTA JAPAN printer drivers"
    }