Konica Bizhub Multifunction Printers Server-Side Request Forgery (CVE-2024-51980)

medium Tenable OT Security Plugin ID 505041

Synopsis

The remote OT asset is affected by a vulnerability.

Description

An unauthenticated attacker may perform a limited server-side request forgery (SSRF), forcing the target device to open a TCP connection to an arbitrary port number on an arbitrary IP address. This SSRF leverages the WS-Addressing ReplyTo element in a SOAP request to the Web service (HTTP, TCP port 80). The attacker cannot control the data sent in the SSRF connection, nor can the attacker receive any data back. This SSRF is suitable for TCP port scanning of an internal network when the Web service (HTTP, TCP port 80) is exposed across a network segment.
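
A detection sketch for the behaviour described above, added here as an example and not taken from Tenable or the vendor: it extracts WS-Addressing ReplyTo addresses from captured SOAP request bodies and reports senders that name several distinct endpoints other than themselves. It assumes request bodies and source IPs are available from a proxy or packet capture; the function names, the threshold and the sample envelopes (documentation-range addresses) are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from urllib.parse import urlsplit

# "Anonymous" means "reply on the connection the request arrived on": benign.
ANONYMOUS = {
    "http://www.w3.org/2005/08/addressing/anonymous",
    "http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous",
}

def _local(tag):
    """Element name without its {namespace} prefix (WS-Addressing has two namespaces)."""
    return tag.rsplit("}", 1)[-1]

def reply_to_targets(soap_body: bytes):
    """Return [(host, port)] for every non-anonymous ReplyTo address in a SOAP body."""
    if b"<!DOCTYPE" in soap_body:  # SOAP forbids DTDs; refuse instead of parsing
        raise ValueError("DTD in SOAP message")
    targets = []
    for el in ET.fromstring(soap_body).iter():
        if _local(el.tag) != "ReplyTo":
            continue
        for child in el:
            uri = (child.text or "").strip()
            if _local(child.tag) != "Address" or not uri or uri in ANONYMOUS:
                continue
            parts = urlsplit(uri)
            if parts.hostname:
                port = parts.port or {"http": 80, "https": 443}.get(parts.scheme, 0)
                targets.append((parts.hostname, port))
    return targets

def scan_suspects(requests, threshold=3):
    """requests: iterable of (src_ip, soap_body). Report senders whose ReplyTo
    addresses name at least `threshold` distinct endpoints other than themselves."""
    seen = defaultdict(set)
    for src, body in requests:
        seen[src].update(t for t in reply_to_targets(body) if t[0] != src)
    return {s: sorted(t) for s, t in seen.items() if len(t) >= threshold}

def sample(addr):
    """Constructed SOAP 1.2 envelope carrying only a ReplyTo header."""
    return (f'<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" '
            f'xmlns:a="http://www.w3.org/2005/08/addressing"><s:Header><a:ReplyTo>'
            f'<a:Address>{addr}</a:Address></a:ReplyTo></s:Header><s:Body/></s:Envelope>'
            ).encode()

# Constructed capture: one sender cycling ports on a third host, one benign sender.
CAPTURED = [("192.0.2.10", sample(f"http://198.51.100.7:{p}/")) for p in (22, 445, 3389)]
CAPTURED.append(("192.0.2.20", sample("http://www.w3.org/2005/08/addressing/anonymous")))
```

Because the device itself opens the outbound connection, the same signal can be cross-checked at the network layer by looking for TCP connections that originate from the printer toward hosts it has no reason to contact.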

Solution

Refer to the vendor advisory.

See Also

https://nvd.nist.gov/vuln/detail/CVE-2024-51980

https://www.cve.org/CVERecord?id=CVE-2024-51980

http://www.nessus.org/u?6c7d4950

Plugin Details

Severity: Medium

ID: 505041

File Name: tenable_ot_konica_CVE-2024-51980.nasl

Version: 1.1

Type: remote

Family: Tenable.ot

Published: 1/21/2026

Updated: 1/21/2026

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: cpe:/o:konicaminolta:bizhub_5000i_firmware, cpe:/o:konicaminolta:bizhub_3000mf_firmware, cpe:/o:konicaminolta:bizhub_4020i_firmware, cpe:/o:konicaminolta:bizhub_3080mf_firmware, cpe:/o:konicaminolta:bizhub_5020i_firmware, cpe:/o:konicaminolta:bizhub_4000i_firmware

Required KB Items: Tenable.ot/Konica

Vulnerability Publication Date: 6/25/2025

Reference Information

CVE: CVE-2024-51980

CWE: 918