Canon Satera MF656Cdw up to 05.04 out-of-bounds write
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 9.8 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as critical, was found in Canon Satera MF656Cdw, Satera MF654Cdw, Color imageCLASS MF656Cdw, Color imageCLASS MF654Cdw, Color imageCLASS MF653Cdw, Color imageCLASS MF652Cdw, Color imageCLASS LBP633Cdw, Color imageCLASS LBP632Cdw, i-SENSYS MF657Cdw, i-SENSYS MF655Cdw, i-SENSYS MF651Cdw, i-SENSYS LBP633Cdw and i-SENSYS LBP631Cdw up to 05.04. This vulnerability affects unknown code. The manipulation results in out-of-bounds write. This vulnerability is identified as CVE-2024-12647. The attack can be executed remotely. There is not any exploit available.
Details
A vulnerability, which was classified as very critical, was found in Canon Satera MF656Cdw, Satera MF654Cdw, Color imageCLASS MF656Cdw, Color imageCLASS MF654Cdw, Color imageCLASS MF653Cdw, Color imageCLASS MF652Cdw, Color imageCLASS LBP633Cdw, Color imageCLASS LBP632Cdw, i-SENSYS MF657Cdw, i-SENSYS MF655Cdw, i-SENSYS MF651Cdw, i-SENSYS LBP633Cdw and i-SENSYS LBP631Cdw up to 05.04. Affected is some unknown functionality. The manipulation with an unknown input leads to a out-of-bounds write vulnerability. CWE is classifying the issue as CWE-787. The product writes data past the end, or before the beginning, of the intended buffer. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:
Buffer overflow in CPCA font download processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier sold in Japan. Color imageCLASS MF656Cdw/Color imageCLASS MF654Cdw/Color imageCLASS MF653Cdw/Color imageCLASS MF652Cdw/Color imageCLASS LBP633Cdw/Color imageCLASS LBP632Cdw firmware v05.04 and earlier sold in US. i-SENSYS MF657Cdw/i-SENSYS MF655Cdw/i-SENSYS MF651Cdw/i-SENSYS LBP633Cdw/i-SENSYS LBP631Cdw firmware v05.04 and earlier sold in Europe.
The advisory is shared for download at psirt.canon. This vulnerability is traded as CVE-2024-12647 since 12/16/2024. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 01/26/2026).
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Vendor
Name
- Color imageCLASS LBP632Cdw
- Color imageCLASS LBP633Cdw
- Color imageCLASS MF652Cdw
- Color imageCLASS MF653Cdw
- Color imageCLASS MF654Cdw
- Color imageCLASS MF656Cdw
- i-SENSYS LBP631Cdw
- i-SENSYS LBP633Cdw
- i-SENSYS MF651Cdw
- i-SENSYS MF655Cdw
- i-SENSYS MF657Cdw
- Satera MF654Cdw
- Satera MF656Cdw
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 9.8VulDB Meta Temp Score: 9.8
VulDB Base Score: 9.8
VulDB Temp Score: 9.8
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 9.8
CNA Vector (Canon): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Out-of-bounds writeCWE: CWE-787 / CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
Timeline
12/16/2024 🔍01/28/2025 🔍
01/28/2025 🔍
01/26/2026 🔍
Sources
Advisory: psirt.canonStatus: Not defined
CVE: CVE-2024-12647 (🔍)
GCVE (CVE): GCVE-0-2024-12647
GCVE (VulDB): GCVE-100-293736
Entry
Created: 01/28/2025 07:32Updated: 01/26/2026 16:29
Changes: 01/28/2025 07:32 (26), 01/28/2025 07:35 (35), 01/26/2026 16:29 (1)
Complete: 🔍
Committer: mitr
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.