CVE-2024-27974

Summary

Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, the settings such as the administrator's ID, password, etc. may be altered. As for the details of affected product names, model numbers, and versions, refer to the information provided by the vendor listed under [References].

Affected Software

VendorProductVersion RangeStatus
FUJIFILM Business Inovation Corp.DocuPrint P450 dall versionsaffected
FUJIFILM Business Inovation Corp.DocuPrint P450 JMall versionsaffected
FUJIFILM Business Inovation Corp.DocuPrint P450 psall versionsaffected
FUJIFILM Business Inovation Corp.DocuPrint P455 dall versionsaffected
FUJIFILM Business Inovation Corp.DocuPrint M455 dfall versionsaffected
FUJIFILM Business Inovation Corp.DocuPrint C2255all versionsaffected
FUJIFILM Business Inovation Corp.DocuPrint C2450all versionsaffected
FUJIFILM Business Inovation Corp.DocuPrint C2450 IIall versionsaffected
FUJIFILM Business Inovation Corp.DocuPrint C3200Aall versionsaffected
FUJIFILM Business Inovation Corp.DocuPrint C3350all versionsaffected
FUJIFILM Business Inovation Corp.DocuPrint C3360all versionsaffected
FUJIFILM Business Inovation Corp.DocuPrint C3450 dall versionsaffected
FUJIFILM Business Inovation Corp.DocuPrint C3450 d IIall versionsaffected
FUJIFILM Business Inovation Corp.DocuPrint 4050all versionsaffected
FUJIFILM Business Inovation Corp.DocuPrint 4060all versionsaffected
FUJIFILM Business Inovation Corp.DocuPrint 5060all versionsaffected
FUJIFILM Business Inovation Corp.DocuCentre-IV C2260all versionsaffected
FUJIFILM Business Inovation Corp.DocuCentre-IV C2270all versionsaffected
FUJIFILM Business Inovation Corp.DocuCentre-IV C3370all versionsaffected
FUJIFILM Business Inovation Corp.DocuCentre-IV C4470all versionsaffected
FUJIFILM Business Inovation Corp.DocuCentre-IV C5570all versionsaffected
FUJIFILM Business Inovation Corp.ApeosPort-IV C2270all versionsaffected
FUJIFILM Business Inovation Corp.ApeosPort-IV C3370all versionsaffected
FUJIFILM Business Inovation Corp.ApeosPort-IV C4470all versionsaffected
FUJIFILM Business Inovation Corp.ApeosPort-IV C5570all versionsaffected
FUJIFILM Business Inovation Corp.ApeosPort-IV C2270 Rall versionsaffected
FUJIFILM Business Inovation Corp.ApeosPort-IV C3370 Rall versionsaffected
FUJIFILM Business Inovation Corp.ApeosPort-IV C4470 Rall versionsaffected
FUJIFILM Business Inovation Corp.ApeosPort-IV C5570 Rall versionsaffected
FUJIFILM Business Inovation Corp.ApeosWide 6050/3030all versionsaffected
FUJIFILM Business Inovation Corp.DocuWide 6057/3037all versionsaffected
FUJIFILM Business Inovation Corp.DocuWide 6055all versionsaffected
FUJIFILM Business Inovation Corp.DocuWide 3035all versionsaffected
FUJIFILM Business Inovation Corp.DocuWide C842all versionsaffected
FUJIFILM Business Inovation Corp.DocuWide 2055all versionsaffected
FUJIFILM Business Inovation Corp.DocuWide 9098αall versionsaffected
FUJIFILM Business Inovation Corp.DocuWide 9095αall versionsaffected

Weaknesses

  • Cross-site request forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References