
Canon Security

On this page you will find important information regarding Canon security

Latest News

Canon Laser and Small Office Multifunctional Printer related vulnerabilities with the IP Stack – Updated 01 October 2020

A cyber security company headquartered in Israel, SCADAfence Ltd., drew our attention to a vulnerability in the IP stack protocol used by Canon Laser Printers and Small Office Multifunctional Printers. Please refer to CVE-2020-16849 for details.

The potential exists for a third-party attack on the device when it is connected to a network, allowing fragments of the “Address book” and/or “administrator password” to be acquired through an unsecured network. It should be noted that when HTTPS is used for the communication of Remote UI, data is secured by encryption.

To date, there have been no confirmed cases of these vulnerabilities being exploited to cause harm. However, in order to ensure that our customers can use our products securely, new firmware will be available for the following products:

i-SENSYS MF Series
MF113W
MF212W/MF216N/MF217W
MF226DN/MF229DW
MF231/MF232W/MF237W
MF244DW/MF247DW/MF249DW
MF264DW/MF267DW/MF269DW
MF4570DN/MF4580DN
MF4780W
MF4870DN/MF4890DW

i-SENSYS LBP Series
LBP113W
LBP151DW
LBP162DW

imageRUNNER Series
IR2202N
IR2204N/IR2204F
IR2206N/IR2206IF

Please refer to the User Manual for details on how to update firmware.
We recommend that products are given a private IP address and that network controls, such as a firewall or Wi-Fi router that can restrict network access, are used. The ‘Security for Products Connected to a Network’ section further down on this page gives some additional guidance.

 

“Ripple20”: Multiple Vulnerabilities Identified in the TCP/IP Stack – Updated 30 September 2020

After investigation into the ‘Ripple20’ vulnerability, there has been no identified issue with Canon printer products.

 

Security provided by eight character numerical passwords – Added 06 March 2020

Whilst Canon’s wireless function password complies with the current WPA standard, we are aware that the security provided by eight-character numerical passwords isn’t considered to be as strong as it used to be. With this in mind, we recommend that in environments where wireless security is a concern, such as a public location, Canon equipment should always be connected to an infrastructure Wi-Fi deployment. We take security seriously: we are updating the Wi-Fi security configurations across our products to help you remain secure, and any update will be published on these pages. Canon would like to thank REDTEAM.PL for drawing our attention to the changing nature of password security and its impact on the market.

 

ImageRUNNER ADVANCE Syslog and Log events – Added 20 February 2020

The imageRUNNER ADVANCE software platform, version 3.8 and later, introduced near real-time event messaging over the Syslog protocol (compliant with RFC 5424, RFC 5425 and RFC 5426). This adds to the existing device logging and increases visibility of device and device security events. It builds upon the device logging capability by allowing connection to an existing security information and event management (SIEM) system or Syslog server. The ‘SIEM_spec’ document given below details the message types and log data that can be generated.

 

VxWorks Operating System vulnerability – Revised 03 October 2019

Eleven vulnerabilities, dubbed “URGENT/11” (CVE-2019-12255 through to CVE-2019-12265), have been identified within the VxWorks operating system. It has transpired that the IPnet TCP/IP stack used in the VxWorks operating system has also been used in other real-time operating systems, opening up the possibility for vulnerabilities (CVE-2019-12255, CVE-2019-12262 and CVE-2019-12264) to exist in a broader range of products.

A number of legacy European models may be vulnerable to this issue as they have been identified as using the affected IPnet TCP/IP stack:

  • i-SENSYS MF4270
  • i-SENSYS MF4370dn
  • i-SENSYS MF4380dn
  • imageRUNNER 2318
  • imageRUNNER 2318L
  • imageRUNNER 2320
  • imageRUNNER 2420
  • imageRUNNER 2422

We would recommend that you review your network security controls and/or upgrade to the latest equivalent Canon device. Further information can be found in the Canon MFD Hardening Guide (link is given at the bottom of this page) and at our Canon global page.

Security advisory for Canon digital cameras related to PTP (Picture Transfer Protocol) communication functions and firmware update functions – Added 6 August 2019

Thank you very much for using Canon products.

An international team of security researchers has drawn our attention to a vulnerability related to communications via the Picture Transfer Protocol (PTP), which is used by Canon digital cameras, as well as a vulnerability related to firmware updates.

(CVE-ID:CVE-2019-5994, CVE-2019-5995, CVE-2019-5998, CVE-2019-5999, CVE-2019-6000, CVE-2019-6001)

Due to these vulnerabilities, the potential exists for third-party attack on the camera if the camera is connected to a PC or mobile device that has been hijacked through an unsecured network.

At this point, there have been no confirmed cases of these vulnerabilities being exploited to cause harm, but in order to ensure that our customers can use our products securely, we would like to inform you of the following workarounds for this issue.

  • Ensure the suitability of security-related settings of the devices connected to the camera, such as the PC, mobile device, and router being used.
  • Do not connect the camera to a PC or mobile device that is being used in an unsecure network, such as in a free Wi-Fi environment.
  • Do not connect the camera to a PC or mobile device that is potentially exposed to virus infections.
  • Disable the camera’s network functions when they are not being used.
  • Download the official firmware from Canon’s website when performing a camera firmware update.

There is increased use of PCs and mobile devices in unsecure (free Wi-Fi) network environments where customers are not aware of the network security. As it has become prevalent to transfer images from a camera to a mobile device via Wi-Fi connection, we will implement firmware updates for the following models that are equipped with the Wi-Fi function.


These vulnerabilities affect the following EOS-series digital SLR and mirrorless cameras:

  • EOS-1DC*1 *2
  • EOS-1DX*1 *2
  • EOS-1DX MK II*1 *2
  • EOS 5D Mark III*1
  • EOS 5D Mark IV
  • EOS 5DS*1
  • EOS 5DS R*1
  • EOS 6D
  • EOS 6D Mark II
  • EOS 7D Mark II*1
  • EOS 70D
  • EOS 77D
  • EOS 80D
  • EOS 200D
  • EOS 250D
  • EOS 750D
  • EOS 760D
  • EOS 800D
  • EOS 1300D
  • EOS 2000D
  • EOS 4000D
  • EOS M3
  • EOS M5
  • EOS M6
  • EOS M6 Mark II
  • EOS M10
  • EOS M50
  • EOS M100
  • EOS R
  • EOS RP
  • PowerShot G5X Mark II
  • PowerShot SX70 HS
  • PowerShot SX740 HS

*1 If a WiFi adapter or a Wireless file transmitter is used, WiFi connection can be established.

*2 Ethernet connections are also affected by these vulnerabilities.

Firmware update information will be provided for each product in turn starting from products for which preparations have been completed.

 
 

uniFLOW Authentication issue – Revised 19 March 2019

We have identified a security issue that exists in certain circumstances of using uniFLOW and NT-Ware has issued a hotfix to resolve this. We strongly recommend you run this fix on your system as soon as possible.  
There is a possibility of gaining unauthorised access where "Username/Password" is used as authentication or the card learning mechanism is utilised.
 
This only affects particular versions of the software, when used with these authentication methods: 
 
• uniFLOW V5.1 SRx
• uniFLOW V5.2 SRx
• uniFLOW V5.3 SRx
• uniFLOW V5.4 SR10 (revised hotfix) and above
• uniFLOW 2018 LTS SRx (revised hotfix)
• uniFLOW 2018 v-Releases (revised hotfix)
 
If you are using uniFLOW V5.1 SRx, uniFLOW V5.2 SRx or uniFLOW V5.3 SRx please contact your authorised reseller or Canon support representative.

Please find instructions to install the hotfix here 

We are committed to providing secure solutions to our customers and apologise for any inconvenience this situation has caused. Should you require further information regarding this advisory, please contact your local Canon office, authorised reseller or Canon support representative. If you notice any suspicious activity, please report these immediately to your account manager and IT department. 
 
 

Fax Vulnerability - Added 31 August 2018 

Recently, researchers reported on vulnerabilities found in the communication protocols in the fax functions of certain products (CVE-ID: CVE-2018-5924, CVE-2018-5925). For information regarding the impact of these vulnerabilities on Canon products equipped with fax functions, please see below:

Based on our review, as they do not employ the colour G3 Fax Protocol exploited by these vulnerabilities, the following products are unaffected: imageRUNNER/iR, imageRUNNER ADVANCE, LASER CLASS, imagePRESS, FAXPHONE, GP and imageCLASS/i-SENSYS series models equipped with fax functions.

MAXIFY and PIXMA series products equipped with fax functions do make use of the Colour G3 Fax Protocol. However, we have not identified any risk of malicious code being executed via the fax circuit or risk to the security of information saved on these devices.

We will continue to monitor this situation and take appropriate action necessary to help ensure the security of our devices.


Spectre and Meltdown CPU Security Vulnerabilities - Added 08 March 2018  

Vulnerabilities were recently made public regarding certain CPUs from Intel, AMD and ARM that make use of speculative execution to improve their performance. These vulnerabilities may allow an attacker to gain unauthorised access to areas of private cached memory.

Two variants of the vulnerabilities that use different techniques to exploit the speculative execution functions within the affected CPUs were identified and named. They are CVE-2017-5715, CVE-2017-5753: “Spectre” and CVE-2017-5754: “Meltdown”.

The following Canon external controller products may be impacted by the vulnerabilities. Though there is currently no known way to exploit these vulnerabilities, countermeasures are being prepared so that customers can continue to use our products without concern.

ColorPASS: 
GX300 v2.0, GX300 v2.1, GX400 v1.0, GX500 v1.1

imagePASS: 
U1 v1.1, U1 v1.1.1, U2 v1.0 
Y1 v1.0, Y2 v1.0

imagePRESS-CR Server: 
A7000 v2.1, A7000 v3.0, A7300 v1.0, A7500 v2.1, A8000 v1.1

imagePRESS Server: 
A1200 v1.0, A1200 v1.1, A1300 v1.0, A2200 v1.0, A2200 v1.1, A2300 v1.0, A3200 v1.0, A3200 v1.1, A3300 v1.0 
B4000 v1.0, B4100 v1.0, B5000 v1.0, B5100 v1.0 
F200 v1.21, H300 v1.0 
J100 v1.21, J200 v1.21 
K100 v1.0, K200 v1.0 
Q2 v2.0, Z1 v1.0


The following Canon service may be impacted by the vulnerabilities. Though there is currently no known way to exploit these vulnerabilities, countermeasures were put in place by end of February 2018.

MDS Cloud

All Canon laser multifunction printers and Canon laser printers and their related software products, except the above-mentioned, are not affected by these vulnerabilities through any known exploitation process. Customers can continue using our products reliably.

Canon is constantly working to ensure the highest level of security is reached in all our products and solutions. We take the security of our customer information seriously and its protection is our utmost priority.


Vulnerability in WPA2 Wi-Fi Encryption Protocol - Added 16 January 2018 

Recently, a researcher made public a vulnerability known as KRACKs in the standard wireless LAN (Wi-Fi) encryption protocol WPA2. This vulnerability allows an attacker to intentionally intercept the wireless transmission between the client (terminal equipped with Wi-Fi functionality) and the access point (the router etc.) to perform potentially malicious activity. For that reason, this vulnerability cannot be exploited by anyone outside the range of the Wi-Fi signal or by anyone in a remote location using the internet as an intermediary. 


We have yet to confirm that any issues have been encountered by users of Canon products as a result of this vulnerability. However, in order to allow customers to continue using our products with peace of mind, we recommend the following preventative measures:

  • Use a USB cable or Ethernet cable to directly connect compatible devices to a network
  • Encrypt data transmission from devices that enable encryption settings (TLS/IPSec)
  • Use such physical media as SD cards with compatible devices
  • Use such settings as Wireless Direct and Direct Connect with compatible devices


As the operation procedures and functions offered vary from device to device, please consult your device’s manual for more details. We also recommend you take appropriate measures for such devices as your PC or smartphone. For information on the appropriate measures for each device, please contact the device’s manufacturer.



Security for Products Connected to a Network

Many products and their various functions can be used remotely via the internet or wireless LAN. However, connecting products to a network introduces the possibility of such security issues as unauthorized access and use by malicious third parties.

To that end, in order to minimize the risk of security issues, it is necessary to apply the appropriate settings and use your products in a secure environment. Below we have outlined a number of security measures to ensure customers can continue to use their Canon products in a more secure way.

Security measures when using Canon products

When using the product for the first time

1. Set an administrator ID and password. Set up administrator/general users IDs and passwords if possible.
2. Change the device’s default password to a new password.
3. Ensure that passwords and other similar settings for various functions are sufficiently difficult to guess.
4. If the product has authentication functions, use them to manage who can use the product.
5. Set a private IP address for products and create a network environment with a firewall or Wi-Fi router that can restrict network access.
6. Only connect products to trusted networks.
7. If the product has network filters, use them to limit the number of addresses that can communicate with the device.
8. Use any encryption functions the product may have.
9. Disable functions and ports that aren’t used wherever possible.
10. Set the product’s security function settings as strong as possible.
11. Be aware of physical security needs, including those related to the location of the product etc.
 

When operating the product

1. When using functions that communicate via a network, ensure you are using a trusted access point before connecting.
2. Regularly check the Canon security page to ensure you are up to date with security-related information.
3. Use the latest firmware.
4. If the product saves various logs, check them regularly.
5. If you won’t be using the product for a long period, switch it off.
 

When disposing of the product

When disposing of the product, delete all data and set-points saved on the device.


Security measures for specific Canon products

We are aware of news articles regarding research from University Alliance Ruhr concerning potential vulnerability for networked printers via the PostScript programming language used widely across our industry. No Canon devices were tested in the research.

Canon works constantly to ensure the highest level of security in all of our products and solutions, including networked printers. We take the security of our customers’ information seriously and its protection is our utmost priority. Our MFD Hardening Guide explains and advises on the best configuration settings for secure implementation.

Information regarding security measures for specific Canon products and their set-up procedures are outlined below. Please note, the information is only available in English.



Certification

ISO 27001 Information Security

Canon places the highest focus on Information Security, safeguarding the confidentiality, integrity and availability of written, spoken and electronic information, so that the following are assured at all times:

  • Confidentiality - ensuring that information is accessible only to those authorised to have access
  • Integrity - safeguarding the accuracy and completeness of information and processing methods
  • Availability - ensuring that authorised users have access to information when needed

ISO 27001 certification demonstrates that Canon Europe has systems in place to protect corporate information and data, whether this is online or offline. By holding ISO 27001, Canon Europe can confirm that its security processes from development to delivery have been externally assessed and have been 3rd party certified to an internationally recognised standard.

Canon Europe has received ISO 27001 certification for its information security management system, reassuring customers that we adhere to world class standards. It covers all aspects of information security from risk and audit management to product security and incident management.


Our Information Security Management System (ISMS) covers the following areas:

  • security policy
  • organisation of information security
  • asset management
  • human resources security
  • physical and environmental security
  • communications and operations management
  • access control
  • information systems acquisition, development and maintenance
  • information security incident management
  • business continuity management
  • regulatory compliance



Report a Security Issue

If you are aware of a security issue relating to a Canon product, system or service, we would like to hear from you.

How to contact us

If you believe you have discovered a security issue with a Canon product or have a security incident to report, please email product-security@canon-europe.com. Please include a detailed summary of the security issue, the exact name of the product, software version and the nature of the issue. Please also include an email address and telephone number so we can contact you if we require more information.

Canon IT Systems Vulnerability Disclosure Policy

The Canon Information Security team is committed to protecting our employees and customers. As part of this commitment, we invite security researchers to help protect Canon and its users by proactively reporting security vulnerabilities and weaknesses. We work hard every day to maintain and improve our systems and processes so that our customers and partners can communicate and shop with us safely online. However, should you find a weakness in one of our IT systems, we always appreciate your help.

The disclosure of any security weaknesses helps us ensure the security and privacy of our users by acting as a trusted partner. Our policy document explains the requirements and mechanism of the Canon IT System Vulnerability Disclosure, which allows researchers to evaluate Canon IT systems to discover any vulnerability in a safe and ethical manner and report it to the Canon Information Security team.

Non-security support enquiries

Please note that this email address is only for reporting security issues and not for general support issues. Please visit our Support pages for help with any other issue.

We take security issues seriously and will respond swiftly to fix verifiable issues. However, some of our products are complex and take time to update. When properly notified of legitimate issues, we will do our best to acknowledge your email, investigate the issue and fix it as quickly as possible.



Fraudulent Store Warning

It has come to our attention that there are several websites claiming to offer significantly discounted Canon products at 90% off or more. These websites are designed to look like our official Canon Store and we believe they are not legitimate, aimed only at confusing and deceiving our customers into sharing personal and financial data. We advise our customers to be vigilant when shopping online with Canon and other retailers.


To recognise the official Canon online store, all Canon stores across Europe have a similar domain name: https://store.canon.xx
The final characters vary by country. For example: https://store.canon.fr and https://store.canon.co.uk.
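The domain pattern above can be enforced mechanically when screening links in e-mail or proxy logs. The following is an added example, not Canon code; it uses a strict allow-list of country suffixes rather than a wildcard for "xx", and the allow-list contains only the two suffixes shown on this page (an assumption to be extended with the other official country suffixes).

```python
from urllib.parse import urlsplit

# Assumption: only the two suffixes given as examples on this page are listed.
OFFICIAL_SUFFIXES = {"fr", "co.uk"}
PREFIX = "store.canon."


def check_store_url(url):
    """Return (ok, reason) for a link that claims to be an official Canon store."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    # "https://store.canon.fr@other.example/" puts the trusted name in userinfo.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL"
    if port not in (None, 443):
        return False, "non-standard port"
    # Reject homoglyph hosts, whether written in Unicode or as punycode labels.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "non-ASCII or punycode host"
    if not host.startswith(PREFIX):
        return False, "host does not start with store.canon."
    # Compare the whole remainder, so "store.canon.fr.other.example" fails.
    if host[len(PREFIX):] not in OFFICIAL_SUFFIXES:
        return False, "suffix not on allow-list"
    return True, "matches official pattern"


# Constructed sample links; the look-alike hosts use reserved example domains.
SAMPLES = [
    "https://store.canon.fr/",
    "https://store.canon.co.uk/cameras",
    "http://store.canon.fr/",
    "https://store.canon.fr.example.net/sale",
    "https://store.canon.fr@example.net/",
    "https://store-canon.example/",
    "https://store.c\u0430non.fr/",  # Cyrillic "а" in place of Latin "a"
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(check_store_url(link), link.encode("unicode_escape").decode())
```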
