All the vulnerabilites related to Oki Electric Industry Co., Ltd. - (Multiple Products)
jvndb-2024-003539
Vulnerability from jvndb
Published
2024-06-17 15:21
Modified
2024-06-17 15:21
Summary
Multiple vulnerabilities in Toshiba Tec and Oki Electric Industry MFPs
Details
MFPs (multifunction printers) provided by Toshiba Tec Corporation and Oki Electric Industry Co., Ltd. contain multiple vulnerabilities listed below.
<ul>
<li><b>Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') (<a href="https://cwe.mitre.org/data/definitions/776">CWE-776</a>) </b>- CVE-2024-27141, CVE-2024-27142</li>
<li><b>Execution with Unnecessary Privileges (<a href="https://cwe.mitre.org/data/definitions/250">CWE-250</a>) </b>- CVE-2024-27143, CVE-2024-27146, CVE-2024-27147, CVE-2024-3498</li>
<li><b>Incorrect Default Permissions (<a href="https://cwe.mitre.org/data/definitions/276">CWE-276</a>) </b>- CVE-2024-27148, CVE-2024-27149, CVE-2024-27150, CVE-2024-27151, CVE-2024-27152, CVE-2024-27153, CVE-2024-27155, CVE-2024-27167, CVE-2024-27171</li>
<li><b>Path Traversal (<a href="https://cwe.mitre.org/data/definitions/22">CWE-22</a>) </b>- CVE-2024-27144, CVE-2024-27145, CVE-2024-27173, CVE-2024-27174, CVE-2024-27176, CVE-2024-27177, CVE-2024-27178</li>
<li><b>Insertion of Sensitive Information into Log File (<a href="https://cwe.mitre.org/data/definitions/532">CWE-532</a>) </b>- CVE-2024-27154, CVE-2024-27156, CVE-2024-27157</li>
<li><b>Plaintext Storage of a Password (<a href="https://cwe.mitre.org/data/definitions/256">CWE-256</a>) </b>- CVE-2024-27166</li>
<li><b>Debug Messages Revealing Unnecessary Information (<a href="https://cwe.mitre.org/data/definitions/1295">CWE-1295</a>) </b>- CVE-2024-27179</li>
<li><b>Use of Default Credentials (<a href="https://cwe.mitre.org/data/definitions/1392">CWE-1392</a>) </b>- CVE-2024-27158</li>
<li><b>Use of Hard-coded Credentials (<a href="https://cwe.mitre.org/data/definitions/798">CWE-798</a>) </b>- CVE-2024-27159, CVE-2024-27160, CVE-2024-27161, CVE-2024-27168, CVE-2024-27170</li>
<li><b>Use of Hard-coded Password (<a href="https://cwe.mitre.org/data/definitions/259">CWE-259</a>) </b>- CVE-2024-27164</li>
<li><b>Cross-site Scripting (<a href="http://cwe.mitre.org/data/definitions/79">CWE-79</a>) </b>- CVE-2024-27162</li>
<li><b>Cleartext Transmission of Sensitive Information (<a href="https://cwe.mitre.org/data/definitions/319">CWE-319</a>) </b>- CVE-2024-27163</li>
<li><b>Least Privilege Violation (<a href="https://cwe.mitre.org/data/definitions/272">CWE-272</a>) </b>- CVE-2024-27165</li>
<li><b>Missing Authentication for Critical Function (<a href="https://cwe.mitre.org/data/definitions/306">CWE-306</a>) </b>- CVE-2024-27169</li>
<li><b>OS Command Injection (<a href="https://cwe.mitre.org/data/definitions/78">CWE-78</a>) </b>- CVE-2024-27172</li>
<li><b>External Control of File Name or Path (<a href="https://cwe.mitre.org/data/definitions/73">CWE-73</a>) </b>- CVE-2024-27175</li>
<li><b>Time-of-check Time-of-use (TOCTOU) Race Condition (<a href="https://cwe.mitre.org/data/definitions/367">CWE-367</a>) </b>- CVE-2024-27180</li>
<li><b>Authentication Bypass Using an Alternate Path or Channel (<a href="https://cwe.mitre.org/data/definitions/288">CWE-288</a></b>) - CVE-2024-3496</li>
<li><b>Relative Path Traversal (<a href="https://cwe.mitre.org/data/definitions/23">CWE-23</a>) </b>- CVE-2024-3497</li>
</ul>
Toshiba Tec Corporation reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003539.html",
"dc:date": "2024-06-17T15:21+09:00",
"dcterms:issued": "2024-06-17T15:21+09:00",
"dcterms:modified": "2024-06-17T15:21+09:00",
"description": "MFPs (multifunction printers) provided by Toshiba Tec Corporation and Oki Electric Industry Co., Ltd. contain multiple vulnerabilities listed below.\r\n\u003cul\u003e\r\n\t\u003cli\u003e\u003cb\u003eImproper Restriction of Recursive Entity References in DTDs (\u0026#39;XML Entity Expansion\u0026#39;) (\u003ca href=\"https://cwe.mitre.org/data/definitions/776\"\u003eCWE-776\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27141, CVE-2024-27142\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eExecution with Unnecessary Privileges (\u003ca href=\"https://cwe.mitre.org/data/definitions/250\"\u003eCWE-250\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27143, CVE-2024-27146, CVE-2024-27147, CVE-2024-3498\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eIncorrect Default Permissions (\u003ca href=\"https://cwe.mitre.org/data/definitions/276\"\u003eCWE-276\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27148, CVE-2024-27149, CVE-2024-27150, CVE-2024-27151, CVE-2024-27152, CVE-2024-27153, CVE-2024-27155, CVE-2024-27167, CVE-2024-27171\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003ePath Traversal (\u003ca href=\"https://cwe.mitre.org/data/definitions/22\"\u003eCWE-22\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27144, CVE-2024-27145, CVE-2024-27173, CVE-2024-27174, CVE-2024-27176, CVE-2024-27177, CVE-2024-27178\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eInsertion of Sensitive Information into Log File (\u003ca href=\"https://cwe.mitre.org/data/definitions/532\"\u003eCWE-532\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27154, CVE-2024-27156, CVE-2024-27157\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003ePlaintext Storage of a Password (\u003ca href=\"https://cwe.mitre.org/data/definitions/256\"\u003eCWE-256\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27166\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eDebug Messages Revealing Unnecessary Information (\u003ca href=\"https://cwe.mitre.org/data/definitions/1295\"\u003eCWE-1295\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27179\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eUse of Default Credentials (\u003ca href=\"https://cwe.mitre.org/data/definitions/1392\"\u003eCWE-1392\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27158\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eUse of Hard-coded Credentials (\u003ca href=\"https://cwe.mitre.org/data/definitions/798\"\u003eCWE-798\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27159, CVE-2024-27160, CVE-2024-27161, CVE-2024-27168, CVE-2024-27170\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eUse of Hard-coded Password (\u003ca href=\"https://cwe.mitre.org/data/definitions/259\"\u003eCWE-259\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27164\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eCross-site Scripting (\u003ca href=\"http://cwe.mitre.org/data/definitions/79\"\u003eCWE-79\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27162\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eCleartext Transmission of Sensitive Information (\u003ca href=\"https://cwe.mitre.org/data/definitions/319\"\u003eCWE-319\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27163\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eLeast Privilege Violation (\u003ca href=\"https://cwe.mitre.org/data/definitions/272\"\u003eCWE-272\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27165\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eMissing Authentication for Critical Function (\u003ca href=\"https://cwe.mitre.org/data/definitions/306\"\u003eCWE-306\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27169\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eOS Command Injection (\u003ca href=\"https://cwe.mitre.org/data/definitions/78\"\u003eCWE-78\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27172\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eExternal Control of File Name or Path (\u003ca href=\"https://cwe.mitre.org/data/definitions/73\"\u003eCWE-73\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27175\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eTime-of-check Time-of-use (TOCTOU) Race Condition (\u003ca href=\"https://cwe.mitre.org/data/definitions/367\"\u003eCWE-367\u003c/a\u003e) \u003c/b\u003e- CVE-2024-27180\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eAuthentication Bypass Using an Alternate Path or Channel (\u003ca href=\"https://cwe.mitre.org/data/definitions/288\"\u003eCWE-288\u003c/a\u003e\u003c/b\u003e) - CVE-2024-3496\u003c/li\u003e\r\n\t\u003cli\u003e\u003cb\u003eRelative Path Traversal (\u003ca href=\"https://cwe.mitre.org/data/definitions/23\"\u003eCWE-23\u003c/a\u003e) \u003c/b\u003e- CVE-2024-3497\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\r\nToshiba Tec Corporation reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003539.html",
"sec:cpe": [
{
"#text": "cpe:/a:misc:oki_electric_industry_multiple_product",
"@product": "(Multiple Products)",
"@vendor": "Oki Electric Industry Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/a:toshibatec:multiple_product",
"@product": "(Multiple Products)",
"@vendor": "TOSHIBA TEC",
"@version": "2.2"
}
],
"sec:identifier": "JVNDB-2024-003539",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU97136265/index.html",
"@id": "JVNVU#97136265",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27141",
"@id": "CVE-2024-27141",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27142",
"@id": "CVE-2024-27142",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27143",
"@id": "CVE-2024-27143",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27146",
"@id": "CVE-2024-27146",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27147",
"@id": "CVE-2024-27147",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-3498",
"@id": "CVE-2024-3498",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27148",
"@id": "CVE-2024-27148",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27149",
"@id": "CVE-2024-27149",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27150",
"@id": "CVE-2024-27150",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27151",
"@id": "CVE-2024-27151",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27152",
"@id": "CVE-2024-27152",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27153",
"@id": "CVE-2024-27153",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27155",
"@id": "CVE-2024-27155",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27167",
"@id": "CVE-2024-27167",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27171",
"@id": "CVE-2024-27171",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27144",
"@id": "CVE-2024-27144",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27145",
"@id": "CVE-2024-27145",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27173",
"@id": "CVE-2024-27173",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27174",
"@id": "CVE-2024-27174",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27176",
"@id": "CVE-2024-27176",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27177",
"@id": "CVE-2024-27177",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27178",
"@id": "CVE-2024-27178",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27154",
"@id": "CVE-2024-27154",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27156",
"@id": "CVE-2024-27156",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27157",
"@id": "CVE-2024-27157",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27166",
"@id": "CVE-2024-27166",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27179",
"@id": "CVE-2024-27179",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27158",
"@id": "CVE-2024-27158",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27159",
"@id": "CVE-2024-27159",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27160",
"@id": "CVE-2024-27160",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27161",
"@id": "CVE-2024-27161",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27168",
"@id": "CVE-2024-27168",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27170",
"@id": "CVE-2024-27170",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27164",
"@id": "CVE-2024-27164",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27162",
"@id": "CVE-2024-27162",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27163",
"@id": "CVE-2024-27163",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27165",
"@id": "CVE-2024-27165",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27169",
"@id": "CVE-2024-27169",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27172",
"@id": "CVE-2024-27172",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27175",
"@id": "CVE-2024-27175",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-27180",
"@id": "CVE-2024-27180",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-3496",
"@id": "CVE-2024-3496",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-3497",
"@id": "CVE-2024-3497",
"@source": "CVE"
},
{
"#text": "https://cwe.mitre.org/data/definitions/1295",
"@id": "CWE-1295",
"@title": "Debug Messages Revealing Unnecessary Information(CWE-1295)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/1392.html",
"@id": "CWE-1392",
"@title": "Use of Default Credentials(CWE-1392)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/23.html",
"@id": "CWE-23",
"@title": "Relative Path Traversal(CWE-23)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/250.html",
"@id": "CWE-250",
"@title": "Execution with Unnecessary Privileges(CWE-250)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/256.html",
"@id": "CWE-256",
"@title": "Unprotected Storage of Credentials(CWE-256)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/259.html",
"@id": "CWE-259",
"@title": "Use of Hard-coded Password(CWE-259)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/272.html",
"@id": "CWE-272",
"@title": "Least Privilege Violation(CWE-272)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/276.html",
"@id": "CWE-276",
"@title": "Incorrect Default Permissions(CWE-276)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/288.html",
"@id": "CWE-288",
"@title": "Authentication Bypass Using an Alternate Path or Channel(CWE-288)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/306.html",
"@id": "CWE-306",
"@title": "Missing Authentication for Critical Function(CWE-306)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/319.html",
"@id": "CWE-319",
"@title": "Cleartext Transmission of Sensitive Information(CWE-319)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/367.html",
"@id": "CWE-367",
"@title": "Time-of-check Time-of-use (TOCTOU) Race Condition(CWE-367)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/532.html",
"@id": "CWE-532",
"@title": "Information Exposure Through Log Files(CWE-532)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/73.html",
"@id": "CWE-73",
"@title": "External Control of File Name or Path(CWE-73)"
},
{
"#text": "http://cwe.mitre.org/data/definitions/776.html",
"@id": "CWE-776",
"@title": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)(CWE-776)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
},
{
"#text": "https://cwe.mitre.org/data/definitions/798.html",
"@id": "CWE-798",
"@title": "Use of Hard-coded Credentials(CWE-798)"
}
],
"title": "Multiple vulnerabilities in Toshiba Tec and Oki Electric Industry MFPs"
}