hp-support-head-portlet

Actions
Loading...
HP Customer Support - Knowledge Base

hp-contact-secondary-navigation-portlet

Actions
Loading...

hp-share-print-widget-portlet

Actions
Loading...
  • Information
    Learn how to upgrade to Windows 11

    Windows 11 Upgrade Guide

    Information
    Create an HP account today!

     Connect with HP support faster, manage all of your devices in one place, view warranty information and more. Sign up for an HP account

  • Feedback

hp-concentra-wrapper-portlet

Actions
Loading...

SUPPORT COMMUNICATION- SECURITY BULLETIN

Document ID: c07051163

Version: 1

HPSBPI03720 rev. 1 - Software Vulnerability with Certain HP OfficeJet and PageWide Solutions

Notice:: The information in this security bulletin should be acted upon as soon as possible.

Release date : 09-Mar-2021

Last updated : 09-Mar-2021

Potential Security Impact:
Local Code Execution
Source: HP, HP Product Security Response Team (PSRT)

VULNERABILITY SUMMARY
HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially allow unauthorized local code execution.
Reference Number
CVE-2020-28416, PSR-2021-0045
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
I.R.I.S. OCR (Optical Character Recognition) version 12.3.7.0 software shipped with certain printer software installations for Windows.
BACKGROUND
For a PGP signed version of this Security Bulletin please write to: hp-security-alert@hp.com
Reference
Base vector
Base score
CVE-2010-3190
CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
6.7 (Medium)
RESOLUTION
  1. Remove the affected software version.
    1. In Windows Settings, click Apps & Features.
    2. Select I.R.I.S OCR.
    3. Click on the Uninstall button to complete the removal.
  2. HP has provided software updates for potentially impacted printers for the products listed in the table below. To obtain the updated software solution, go to HP Software and Driver Downloads and search for your printer model.
Model name
Product number
Version
HP OfficeJet 4650 All-in-One Printer
HP DeskJet Ink Advantage 4670 All-in-One Printer series
E6G87A, F1H96A, F1H96B, F1J03A, F1J04A, F9D37A, K9V77A, K9V85B, K9V83B, F1J02A, F1J05B, K9V84B, F1J06B, F1J07B, K9V76A, F1J00A, K9V79A, K9V82B, K9V81B, V6D27B, V6D29B, V6D28B, V6D30B
40.11.1122 or later
HP OfficeJet Pro 7740 Wide Format All-in-One Printer series
G5J38A, T1P99A
40.12.1161 or later
HP PageWide Pro 577dw Multifunction Printer series
D3Q21A, D3Q21B, D3Q21C, D3Q21D
38.9.1948 or later
HP PageWide Pro 477dn Multifunction Printer series
D3Q19A, D3Q19B, D3Q19D
38.9.1948 or later
HP PageWide Pro 477dw Multifunction Printer series
D3Q20A, D3Q20B, D3Q20C, D3Q20D, W2Z53B
38.9.1948 or later
HP PageWide 377dw Multifunction Printer
J9V80A, J9V80B
39.6.1999 or later
HP PageWide Managed P57750dw Multifunction Printer series
HP PageWide Managed P52750dw Multifunction Printer
J9V82A, J9V82B, J9V82C, J9V82D, J9V78B
39.6.2002 or later
HP OfficeJet Pro 6960 All-in-One
T0G25A, T0G26A, J7K33A, T0F30A, T0F32A, T0F38A, T0F31A, J7K37A, J7K38A, J7K35A, J7K39A, T0F28A, T0F36A
40.11.1150 or later
HP OfficeJet 6960 All-in-One
T0G25A, T0G26A, J7K33A, T0F30A, T0F32A, T0F38A, T0F31A, J7K37A, J7K38A, J7K35A, J7K39A, T0F28A, T0F36A
40.12.1161 or later
HP OfficeJet Pro 6970 All-in-One Printer series
J7K34A, T0F33A, T0F39A, T0F34A, T0F35A, J7K40A, J7K36A, J7K42A, J7K41A, T0F29A, T0F37A, T0F40A
40.12.1161 or later
HP OfficeJet 6950 All-in-One
P4C78A, P4C85A, T3P03A, P4C86A, P4C81A, P4C82A, P4C84A
40.7.1094 or later
HP Officejet 5740 e-All-in-One Printer series
B9S76A, B9S78A, B9S79A, B9S83A, B9S81A, B9S84A, F8B11A, F8B10A, B9S82A, B9S85A, B9S80A, F8B09A, T1P36A
40.13.1176 or later
HP Officejet 6800 e-All-in-One Printer series
HP Officejet Pro 6830 e-All-in-One Printer series
L3L04A, T6T84A, E3E02A, M0F56A, J2D37A
33.1.74 or later
HP OfficeJet 250 Mobile Series
CZ992A, L9D57A, N4L17A, N4L16C, N4L18C
40.11.1148 or later
HP OfficeJet Pro 8710 All-in-One Printer series
HP OfficeJet Pro 8720 All-in-One Printer series
D9L18A, D9L19A, J6X76A, J6X77A, J6X78A, J6X79A, J6X80A, J6X81A, J7A28A, J7A29A, J7A31A, K7S34A, K7S35A, K7S36A, K7S37A, K7S38A, M9L65A, M9L66A, M9L67A, M9L70A, M9L74A, M9L75A, M9L76A, M9L80A, T0G46A, T0G47A, T0G48A, T0G49A, T0G54A
40.12.1161 or later
HP OfficeJet Pro 8740 All-in-One Printer series
D9L21A, K7S42A, T0G65A, K7S39A, J6X83A, K7S43A, K7S40A, K7S41A
38.8.1942 or later
HP OfficeJet Pro 8730 All-in-One Printer
D9L20A
38.8.1942 or later
HP OfficeJet Pro 8732M All-in-One Printer
T0G56A, T0G57A, T0G58A, T0G59A
38.8.1942 or later
HP OfficeJet 7510 Wide Format All-in-One Printer series
G3J47A, K1Z44A
35.0.72 or later
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, visit https://www.hp.com/go/contacthp to learn about your HP support options.
Report: To report a potential security vulnerability with any HP supported product, send email to: hp-security-alert@hp.com.
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via email, visit https://www.hp.com/go/alerts.
Security Bulletin Archive: To view released Security Bulletins, search the HP Support Site for "security bulletin".
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
PI
HP Printing and Imaging
HF
HP Hardware and Firmware
GN
HP General Software
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
Subject: get key
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Security Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin.HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action.HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin.To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
REVISION HISTORY : Version: 1 - 9 March 2021 Initial release.

HP Inc. shall not be liable for technical or editorial errors or omissions contained herein.The information provided is provided "as is" without warranty of any kind.To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration.The information in this document is subject to change without notice.HP Inc. and the names of HP products referenced herein are trademarks of HP Inc. in the United States and other countries.Other product and company names mentioned herein may be trademarks of their respective owners.

hp-feedback-input-portlet

Actions
Loading...

hp-feedback-banner-portlet

Actions
Loading...

hp-country-locator-portlet

Actions
Loading...
Country/Region: Caribbean

hp-detect-load-my-device-portlet

Actions
Loading...