SUPPORT COMMUNICATION - SECURITY BULLETIN HPSBPI03720 rev. 1 - Software Vulnerability with Certain HP OfficeJet and PageWide Solutions

Related Vulnerabilities: CVE-2020-28416, CVE-2010-3190

Potential Security Impact: Local Code Execution
Source: HP, HP Product Security Response Team (PSRT)

VULNERABILITY SUMMARY

HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially allow unauthorized local code execution.
Reference Number: CVE-2020-28416, PSR-2021-0045
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
I.R.I.S. OCR (Optical Character Recognition) version 12.3.7.0 software shipped with certain printer software installations for Windows.
BACKGROUND
For a PGP signed version of this Security Bulletin please write to: hp-security-alert@hp.com
| Reference | Base vector | Base score |
|---|---|---|
| CVE-2010-3190 | CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H | 6.7 (Medium) |
RESOLUTION
  1. Remove the affected software version.
    1. In Windows Settings, click Apps & Features.
    2. Select I.R.I.S OCR.
    3. Click on the Uninstall button to complete the removal.
  2. HP has provided software updates for potentially impacted printers for the products listed in the table below. To obtain the updated software solution, go to HP Software and Driver Downloads and search for your printer model.
| Model name | Product number | Version |
|---|---|---|
| HP OfficeJet 4650 All-in-One Printer; HP DeskJet Ink Advantage 4670 All-in-One Printer series | E6G87A, F1H96A, F1H96B, F1J03A, F1J04A, F9D37A, K9V77A, K9V85B, K9V83B, F1J02A, F1J05B, K9V84B, F1J06B, F1J07B, K9V76A, F1J00A, K9V79A, K9V82B, K9V81B, V6D27B, V6D29B, V6D28B, V6D30B | 40.11.1122 or later |
| HP OfficeJet Pro 7740 Wide Format All-in-One Printer series | G5J38A, T1P99A | 40.12.1161 or later |
| HP PageWide Pro 577dw Multifunction Printer series | D3Q21A, D3Q21B, D3Q21C, D3Q21D | 38.9.1948 or later |
| HP PageWide Pro 477dn Multifunction Printer series | D3Q19A, D3Q19B, D3Q19D | 38.9.1948 or later |
| HP PageWide Pro 477dw Multifunction Printer series | D3Q20A, D3Q20B, D3Q20C, D3Q20D, W2Z53B | 38.9.1948 or later |
| HP PageWide 377dw Multifunction Printer | J9V80A, J9V80B | 39.6.1999 or later |
| HP PageWide Managed P57750dw Multifunction Printer series; HP PageWide Managed P52750dw Multifunction Printer | J9V82A, J9V82B, J9V82C, J9V82D, J9V78B | 39.6.2002 or later |
| HP OfficeJet Pro 6960 All-in-One | T0G25A, T0G26A, J7K33A, T0F30A, T0F32A, T0F38A, T0F31A, J7K37A, J7K38A, J7K35A, J7K39A, T0F28A, T0F36A | 40.11.1150 or later |
| HP OfficeJet 6960 All-in-One | T0G25A, T0G26A, J7K33A, T0F30A, T0F32A, T0F38A, T0F31A, J7K37A, J7K38A, J7K35A, J7K39A, T0F28A, T0F36A | 40.12.1161 or later |
| HP OfficeJet Pro 6970 All-in-One Printer series | J7K34A, T0F33A, T0F39A, T0F34A, T0F35A, J7K40A, J7K36A, J7K42A, J7K41A, T0F29A, T0F37A, T0F40A | 40.12.1161 or later |
| HP OfficeJet 6950 All-in-One | P4C78A, P4C85A, T3P03A, P4C86A, P4C81A, P4C82A, P4C84A | 40.7.1094 or later |
| HP Officejet 5740 e-All-in-One Printer series | B9S76A, B9S78A, B9S79A, B9S83A, B9S81A, B9S84A, F8B11A, F8B10A, B9S82A, B9S85A, B9S80A, F8B09A, T1P36A | 40.13.1176 or later |
| HP Officejet 6800 e-All-in-One Printer series; HP Officejet Pro 6830 e-All-in-One Printer series | L3L04A, T6T84A, E3E02A, M0F56A, J2D37A | 33.1.74 or later |
| HP OfficeJet 250 Mobile Series | CZ992A, L9D57A, N4L17A, N4L16C, N4L18C | 40.11.1148 or later |
| HP OfficeJet Pro 8710 All-in-One Printer series; HP OfficeJet Pro 8720 All-in-One Printer series | D9L18A, D9L19A, J6X76A, J6X77A, J6X78A, J6X79A, J6X80A, J6X81A, J7A28A, J7A29A, J7A31A, K7S34A, K7S35A, K7S36A, K7S37A, K7S38A, M9L65A, M9L66A, M9L67A, M9L70A, M9L74A, M9L75A, M9L76A, M9L80A, T0G46A, T0G47A, T0G48A, T0G49A, T0G54A | 40.12.1161 or later |
| HP OfficeJet Pro 8740 All-in-One Printer series | D9L21A, K7S42A, T0G65A, K7S39A, J6X83A, K7S43A, K7S40A, K7S41A | 38.8.1942 or later |
| HP OfficeJet Pro 8730 All-in-One Printer | D9L20A | 38.8.1942 or later |
| HP OfficeJet Pro 8732M All-in-One Printer | T0G56A, T0G57A, T0G58A, T0G59A | 38.8.1942 or later |
| HP OfficeJet 7510 Wide Format All-in-One Printer series | G3J47A, K1Z44A | 35.0.72 or later |
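An added example (not HP's code) for finding hosts that still need resolution step 1: it reads the standard Windows uninstall registry keys and flags any I.R.I.S. OCR entry at the affected version 12.3.7.0. The display-name pattern and the function name Get-IrisOcrInstall are assumptions; the bulletin gives only the name shown in Apps & Features.

```powershell
# Added example: inventory check for the I.R.I.S. OCR build named in this bulletin.
$AffectedVersion = [version]'12.3.7.0'      # affected version, from the bulletin
$NamePattern     = 'I\.?R\.?I\.?S\.?.*OCR'  # assumption: DisplayName resembles "I.R.I.S. OCR"

# Per-machine (64-bit and 32-bit views) and per-user uninstall entries.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-IrisOcrInstall {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $NamePattern } |
        ForEach-Object {
            $parsed = $null
            $status = 'Review'   # version missing or not parseable: check by hand
            if ([version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)) {
                # Treat "12.3.7" and "12.3.7.0" as the same build
                # (unset Build/Revision fields parse as -1).
                $norm = [version]::new(
                    $parsed.Major, $parsed.Minor,
                    [Math]::Max($parsed.Build, 0),
                    [Math]::Max($parsed.Revision, 0))
                $status = if ($norm -eq $AffectedVersion) { 'Affected' } else { 'NotListed' }
            }
            [pscustomobject]@{
                Computer        = $env:COMPUTERNAME
                DisplayName     = $_.DisplayName
                DisplayVersion  = $_.DisplayVersion
                Status          = $status
                UninstallString = $_.UninstallString
            }
        }
}

# No output means no matching entry was found on this host.
Get-IrisOcrInstall | Format-Table -AutoSize
```

The script only reports; removal still follows step 1 above or your software-deployment tooling.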
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, visit https://www.hp.com/go/contacthp to learn about your HP support options.
Report: To report a potential security vulnerability with any HP supported product, send email to: hp-security-alert@hp.com.
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via email, visit https://www.hp.com/go/alerts.
Security Bulletin Archive: To view released Security Bulletins, search the HP Support Site for "security bulletin".
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
PI: HP Printing and Imaging
HF: HP Hardware and Firmware
GN: HP General Software
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
Subject: get key
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Security Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.
REVISION HISTORY: Version: 1 - 9 March 2021 - Initial release.