HPSBPI03563 rev 1 - SMTP Credentials Vulnerability for HP Designjet and HP Latex printers

Potential Security Impact

Potential exposure of SMTP credentials when configuring HP Designjet and HP Latex printers.

Reported by: Nicodemo Gawronski

VULNERABILITY SUMMARY

HP has identified a potential security vulnerability with some HP Designjet and HP Latex printers that may expose the credentials of the SMTP server configured to receive and process emails generated by the printers.

RESOLUTION

In order to fix this vulnerability, a new firmware version MUST be installed (firmware upgrade). The firmware versions that fix the vulnerability for the different products are summarized in this table:

Products

|

Firmware name

—|—

DesignJet T790, T795, T1300, T2300

|

IG_11_00_00.10

DesignJet T920, T930, T1500, T1530, T2500, T2530

|

MRY_04_05_00.5

DesignJet T3500

|

AENEAS_03_04_00.9

Latex 310, 330, 360, 370

|

NEXUS_01_12_00.11

Latex 315, 335, 365, 375

|

NEXUS_03_12_00.15

Latex 560, 570

|

STORM_00_05_01.6

Latex 110

|

Firmware release will be available end of august

This firmware versions are available for download from the corresponding HP support web pages. For products that support Automatic Firmware Upgrade functionality, the corresponding firmware versions are also available for automatic upgrade.