RICOH SP C250 Series Use of Hard-coded Credentials (CVE-2019-14309)

high Tenable OT Security Plugin ID 501969


The remote OT asset is affected by a vulnerability.


Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credentials were found to be hardcoded within the printer firmware.
This would allow an attacker to access and read information stored on the shared FTP folders.

This plugin only works with Tenable.ot.


Refer to the vendor advisory.


Plugin Details

Severity: High

ID: 501969

Version: 1.1

Type: remote

Family: Tenable.ot

Published: 2/13/2024

Updated: 2/14/2024

Supported Sensors: Tenable OT Security

Risk Information


Risk Factor: Low

Score: 3.6


Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2019-14309


Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:ricoh:sp_c250dn_firmware:1.05, cpe:/o:ricoh:sp_c250sf_firmware, cpe:/o:ricoh:sp_c252dn_firmware, cpe:/o:ricoh:sp_c252sf_firmware

Required KB Items: Tenable.ot/RICOH

Exploit Ease: No known exploits are available

Patch Publication Date: 3/13/2020

Vulnerability Publication Date: 3/13/2020

Reference Information

CVE: CVE-2019-14309

CWE: 798