Vulnerability-Lookup

CVE-2023-1526 (GCVE-0-2023-1526)

Vulnerability from cvelistv5 – Published: 2023-04-28 16:04 – Updated: 2025-01-30 19:29

Summary

Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer.

Severity

4.6 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-noinfo Not enough information

Assigner

References

1 reference

URL	Tags
https://support.hp.com/us-en/document/ish_7869666…

Impacted products

1 product

Vendor	Product	Version
HP Inc.	HP DesignJet and PageWide XL	Affected: See HP Security Bulletin reference for affected versions.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:49:11.657Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.hp.com/us-en/document/ish_7869666-7869691-16/hpsbpi03837"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "PHYSICAL",
              "availabilityImpact": "NONE",
              "baseScore": 4.6,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-1526",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-30T19:28:50.354231Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-30T19:29:46.760Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HP DesignJet and PageWide XL",
          "vendor": "HP Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "See HP Security Bulletin reference for affected versions."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-28T16:04:13.185Z",
        "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "shortName": "hp"
      },
      "references": [
        {
          "url": "https://support.hp.com/us-en/document/ish_7869666-7869691-16/hpsbpi03837"
        }
      ],
      "x_generator": {
        "engine": "cveClient/1.0.13"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
    "assignerShortName": "hp",
    "cveId": "CVE-2023-1526",
    "datePublished": "2023-04-28T16:04:13.185Z",
    "dateReserved": "2023-03-20T20:39:28.035Z",
    "dateUpdated": "2025-01-30T19:29:46.760Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-1526",
      "date": "2026-06-21",
      "epss": "0.01189",
      "percentile": "0.63876"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:designjet_z6_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"jgr6_09_22_51.2\", \"matchCriteriaId\": \"79275045-E680-4980-AE2E-E4B4FF2F9EF9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:designjet_z6:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3AC21A58-00BA-4EDF-9EF0-870AE44D218B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:designjet_z6dr_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"jgr6_09_22_51.2\", \"matchCriteriaId\": \"D98922E6-9D13-499C-BD28-E6FE2BC60327\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:designjet_z6dr:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9830F6D2-A1EF-48D9-A9FE-EF4F3CC37A9C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:designjet_z9_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"jgr9_09_22_51.2\", \"matchCriteriaId\": \"DF1E5F8A-53F4-4575-B647-21FE43BD81D6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:designjet_z9:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E8876C93-02EA-4AB0-BD3E-E73C5293BD74\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:designjet_z9dr_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"jgr9_09_22_51.2\", \"matchCriteriaId\": \"FBB204FE-BCF4-49E4-B86B-D8DAC3B65174\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:designjet_z9dr:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"944C8DAB-1262-4D78-943E-BE43FCA7AF86\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:designjet_z9\\\\+_pro_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5038AB0-6D73-4CC3-9790-82BADDBF48A2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:designjet_z9\\\\+_pro:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3B5271B-CA09-45EB-BE82-5573E15BCB7B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:pagewide_xl_4700:_firmware:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E35992F-797A-4210-AD84-B73119A8119D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:pagewide_xl_4700:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD7EFD29-61E5-44DD-BF9E-E7A94C7518D3\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:pagewide_xl_4500:_firmware:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"59D4C8D4-634D-4328-BADA-586D0DB774B5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:pagewide_xl_4500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C79CA733-FC8F-409E-B7F5-17C62C352C07\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:pagewide_xl_4100:_firmware:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"F336F37C-C59F-48C4-884A-6EEFE2CEDBAE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:pagewide_xl_4100:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8176BFFE-C208-4E5C-9D68-666A747D84B2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:pagewide_xl_4600:_firmware:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D0C17BB-2F0F-4AD9-9C53-BE5F07D4817A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:pagewide_xl_4600:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B438074-4FBD-4167-8B49-E632088108B1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hp:pagewide_xl_8000:_firmware:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"724920B8-F956-457F-9CBF-0F0620AC4630\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hp:pagewide_xl_8000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9889CAC-98CE-48D8-B49B-BAB37CC8AFC2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer.\"}]",
      "id": "CVE-2023-1526",
      "lastModified": "2024-11-21T07:39:21.910",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 4.6, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.9, \"impactScore\": 3.6}]}",
      "published": "2023-04-28T17:15:42.973",
      "references": "[{\"url\": \"https://support.hp.com/us-en/document/ish_7869666-7869691-16/hpsbpi03837\", \"source\": \"hp-security-alert@hp.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.hp.com/us-en/document/ish_7869666-7869691-16/hpsbpi03837\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "hp-security-alert@hp.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-1526\",\"sourceIdentifier\":\"hp-security-alert@hp.com\",\"published\":\"2023-04-28T17:15:42.973\",\"lastModified\":\"2025-01-30T20:15:30.230\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:designjet_z6_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"jgr6_09_22_51.2\",\"matchCriteriaId\":\"79275045-E680-4980-AE2E-E4B4FF2F9EF9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:designjet_z6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AC21A58-00BA-4EDF-9EF0-870AE44D218B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:designjet_z6dr_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"jgr6_09_22_51.2\",\"matchCriteriaId\":\"D98922E6-9D13-499C-BD28-E6FE2BC60327\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:designjet_z6dr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9830F6D2-A1EF-48D9-A9FE-EF4F3CC37A9C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:designjet_z9_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"jgr9_09_22_51.2\",\"matchCriteriaId\":\"DF1E5F8A-53F4-4575-B647-21FE43BD81D6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:designjet_z9:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8876C93-02EA-4AB0-BD3E-E73C5293BD74\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:designjet_z9dr_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"jgr9_09_22_51.2\",\"matchCriteriaId\":\"FBB204FE-BCF4-49E4-B86B-D8DAC3B65174\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:designjet_z9dr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"944C8DAB-1262-4D78-943E-BE43FCA7AF86\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:designjet_z9\\\\+_pro_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5038AB0-6D73-4CC3-9790-82BADDBF48A2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:designjet_z9\\\\+_pro:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3B5271B-CA09-45EB-BE82-5573E15BCB7B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:pagewide_xl_4700:_firmware:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E35992F-797A-4210-AD84-B73119A8119D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:pagewide_xl_4700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD7EFD29-61E5-44DD-BF9E-E7A94C7518D3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:pagewide_xl_4500:_firmware:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"59D4C8D4-634D-4328-BADA-586D0DB774B5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:pagewide_xl_4500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C79CA733-FC8F-409E-B7F5-17C62C352C07\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:pagewide_xl_4100:_firmware:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"F336F37C-C59F-48C4-884A-6EEFE2CEDBAE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:pagewide_xl_4100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8176BFFE-C208-4E5C-9D68-666A747D84B2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:pagewide_xl_4600:_firmware:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D0C17BB-2F0F-4AD9-9C53-BE5F07D4817A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:pagewide_xl_4600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B438074-4FBD-4167-8B49-E632088108B1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hp:pagewide_xl_8000:_firmware:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"724920B8-F956-457F-9CBF-0F0620AC4630\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hp:pagewide_xl_8000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9889CAC-98CE-48D8-B49B-BAB37CC8AFC2\"}]}]}],\"references\":[{\"url\":\"https://support.hp.com/us-en/document/ish_7869666-7869691-16/hpsbpi03837\",\"source\":\"hp-security-alert@hp.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.hp.com/us-en/document/ish_7869666-7869691-16/hpsbpi03837\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.hp.com/us-en/document/ish_7869666-7869691-16/hpsbpi03837\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T05:49:11.657Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.6, \"attackVector\": \"PHYSICAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-1526\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-30T19:28:50.354231Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-30T19:28:46.454Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"HP Inc.\", \"product\": \"HP DesignJet and PageWide XL\", \"versions\": [{\"status\": \"affected\", \"version\": \"See HP Security Bulletin reference for affected versions.\"}]}], \"references\": [{\"url\": \"https://support.hp.com/us-en/document/ish_7869666-7869691-16/hpsbpi03837\"}], \"x_generator\": {\"engine\": \"cveClient/1.0.13\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer.\"}], \"providerMetadata\": {\"orgId\": \"74586083-13ce-40fd-b46a-8e5d23cfbcb2\", \"shortName\": \"hp\", \"dateUpdated\": \"2023-04-28T16:04:13.185Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-1526\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-30T19:29:46.760Z\", \"dateReserved\": \"2023-03-20T20:39:28.035Z\", \"assignerOrgId\": \"74586083-13ce-40fd-b46a-8e5d23cfbcb2\", \"datePublished\": \"2023-04-28T16:04:13.185Z\", \"assignerShortName\": \"hp\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2023-1526

Vulnerability from fkie_nvd - Published: 2023-04-28 17:15 - Updated: 2026-06-17 05:28

Severity

4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer.

References

	URL	Tags
	hp-security-alert@hp.com	https://support.hp.com/us-en/document/ish_7869666-7869691-16/hpsbpi03837	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.hp.com/us-en/document/ish_7869666-7869691-16/hpsbpi03837	Vendor Advisory

Impacted products

Vendor	Product	Version
hp	designjet_z6_firmware	*
hp	designjet_z6	-
hp	designjet_z6dr_firmware	*
hp	designjet_z6dr	-
hp	designjet_z9_firmware	*
hp	designjet_z9	-
hp	designjet_z9dr_firmware	*
hp	designjet_z9dr	-
hp	designjet_z9\+_pro_firmware	-
hp	designjet_z9\+_pro	-
hp	pagewide_xl_4700	_firmware
hp	pagewide_xl_4700	-
hp	pagewide_xl_4500	_firmware
hp	pagewide_xl_4500	-
hp	pagewide_xl_4100	_firmware
hp	pagewide_xl_4100	-
hp	pagewide_xl_4600	_firmware
hp	pagewide_xl_4600	-
hp	pagewide_xl_8000	_firmware
hp	pagewide_xl_8000	-

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "HP DesignJet and PageWide XL",
          "vendor": "HP Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "See HP Security Bulletin reference for affected versions."
            }
          ]
        }
      ],
      "source": "hp-security-alert@hp.com"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:designjet_z6_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79275045-E680-4980-AE2E-E4B4FF2F9EF9",
              "versionEndExcluding": "jgr6_09_22_51.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:designjet_z6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AC21A58-00BA-4EDF-9EF0-870AE44D218B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:designjet_z6dr_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D98922E6-9D13-499C-BD28-E6FE2BC60327",
              "versionEndExcluding": "jgr6_09_22_51.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:designjet_z6dr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9830F6D2-A1EF-48D9-A9FE-EF4F3CC37A9C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:designjet_z9_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1E5F8A-53F4-4575-B647-21FE43BD81D6",
              "versionEndExcluding": "jgr9_09_22_51.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:designjet_z9:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8876C93-02EA-4AB0-BD3E-E73C5293BD74",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:designjet_z9dr_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBB204FE-BCF4-49E4-B86B-D8DAC3B65174",
              "versionEndExcluding": "jgr9_09_22_51.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:designjet_z9dr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "944C8DAB-1262-4D78-943E-BE43FCA7AF86",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:designjet_z9\\+_pro_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5038AB0-6D73-4CC3-9790-82BADDBF48A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:designjet_z9\\+_pro:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3B5271B-CA09-45EB-BE82-5573E15BCB7B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:pagewide_xl_4700:_firmware:-:*:*:*:*:*:*",
              "matchCriteriaId": "9E35992F-797A-4210-AD84-B73119A8119D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:pagewide_xl_4700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD7EFD29-61E5-44DD-BF9E-E7A94C7518D3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:pagewide_xl_4500:_firmware:-:*:*:*:*:*:*",
              "matchCriteriaId": "59D4C8D4-634D-4328-BADA-586D0DB774B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:pagewide_xl_4500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C79CA733-FC8F-409E-B7F5-17C62C352C07",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:pagewide_xl_4100:_firmware:-:*:*:*:*:*:*",
              "matchCriteriaId": "F336F37C-C59F-48C4-884A-6EEFE2CEDBAE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:pagewide_xl_4100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8176BFFE-C208-4E5C-9D68-666A747D84B2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:pagewide_xl_4600:_firmware:-:*:*:*:*:*:*",
              "matchCriteriaId": "8D0C17BB-2F0F-4AD9-9C53-BE5F07D4817A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:pagewide_xl_4600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B438074-4FBD-4167-8B49-E632088108B1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:pagewide_xl_8000:_firmware:-:*:*:*:*:*:*",
              "matchCriteriaId": "724920B8-F956-457F-9CBF-0F0620AC4630",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hp:pagewide_xl_8000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9889CAC-98CE-48D8-B49B-BAB37CC8AFC2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer."
    }
  ],
  "id": "CVE-2023-1526",
  "lastModified": "2026-06-17T05:28:09.653",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2023-1526",
          "options": [
            {
              "exploitation": "none"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "partial"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2025-01-30T19:28:50.354231Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2023-04-28T17:15:42.973",
  "references": [
    {
      "source": "hp-security-alert@hp.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.hp.com/us-en/document/ish_7869666-7869691-16/hpsbpi03837"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.hp.com/us-en/document/ish_7869666-7869691-16/hpsbpi03837"
    }
  ],
  "sourceIdentifier": "hp-security-alert@hp.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-VR7W-HJQ6-6HC3

Vulnerability from github – Published: 2023-04-28 18:30 – Updated: 2024-04-04 03:43

Details

Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer.

Severity

4.6 (Medium)


                  
                    CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-1526"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-28T17:15:42Z",
    "severity": "MODERATE"
  },
  "details": "Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer.",
  "id": "GHSA-vr7w-hjq6-6hc3",
  "modified": "2024-04-04T03:43:47Z",
  "published": "2023-04-28T18:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1526"
    },
    {
      "type": "WEB",
      "url": "https://support.hp.com/us-en/document/ish_7869666-7869691-16/hpsbpi03837"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2023-1526

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer.

Aliases

CVE-2023-1526

Aliases

CVE-2023-1526

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-1526",
    "id": "GSD-2023-1526"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-1526"
      ],
      "details": "Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer.",
      "id": "GSD-2023-1526",
      "modified": "2023-12-13T01:20:42.192393Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "hp-security-alert@hp.com",
        "ID": "CVE-2023-1526",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "HP DesignJet and PageWide XL",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "See HP Security Bulletin reference for affected versions."
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "HP Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer."
          }
        ]
      },
      "generator": {
        "engine": "cveClient/1.0.13"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.hp.com/us-en/document/ish_7869666-7869691-16/hpsbpi03837",
            "refsource": "MISC",
            "url": "https://support.hp.com/us-en/document/ish_7869666-7869691-16/hpsbpi03837"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:designjet_z6_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "jgr6_09_22_51.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:designjet_z6:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:designjet_z6dr_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "jgr6_09_22_51.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:designjet_z6dr:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:designjet_z9_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "jgr9_09_22_51.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:designjet_z9:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:designjet_z9dr_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "jgr9_09_22_51.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:designjet_z9dr:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:designjet_z9\\+_pro_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:designjet_z9\\+_pro:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:pagewide_xl_4700:_firmware:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:pagewide_xl_4700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:pagewide_xl_4500:_firmware:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:pagewide_xl_4500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:pagewide_xl_4100:_firmware:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:pagewide_xl_4100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:pagewide_xl_4600:_firmware:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:pagewide_xl_4600:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hp:pagewide_xl_8000:_firmware:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hp:pagewide_xl_8000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "hp-security-alert@hp.com",
          "ID": "CVE-2023-1526"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.hp.com/us-en/document/ish_7869666-7869691-16/hpsbpi03837",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.hp.com/us-en/document/ish_7869666-7869691-16/hpsbpi03837"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 0.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-05-10T16:47Z",
      "publishedDate": "2023-04-28T17:15Z"
    }
  }
}

WID-SEC-W-2023-0779

Vulnerability from csaf_certbund - Published: 2023-03-27 22:00 - Updated: 2023-03-27 22:00

Summary

HP DesignJet und PageWide XL: Schwachstelle ermöglicht Offenlegung von Informationen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: HP DesignJet ist die Produktreihe von Großformatdruckern bzw. -Plottern des Herstellers Hewlett Packard.

Angriff: Ein lokaler Angreifer kann eine Schwachstelle in HP DesignJet und PageWide XL ausnutzen, um Informationen offenzulegen.

Betroffene Betriebssysteme: - Hardware Appliance

CVE-2023-1526

Es existiert eine Schwachstelle in bestimmten HP DesignJet und PageWide XL Produkten, die eine "TAA Compliance" haben. Ein Angreifer kann nach physikalischem Entfernen der im Gerät verbauten Festplatte die darauf gespeicherten Informationen auslesen.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
HP DesignJet TAA compliant HP	`cpe:/h:hp:designjet:::taa_compliant`	—

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://support.hp.com/us-en/document/ish_7869666…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "HP DesignJet ist die Produktreihe von Gro\u00dfformatdruckern bzw. -Plottern des Herstellers Hewlett Packard.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann eine Schwachstelle in HP DesignJet und PageWide XL ausnutzen, um Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Hardware Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0779 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0779.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0779 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0779"
      },
      {
        "category": "external",
        "summary": "HP Security Bulletin HPSBPI03837 vom 2023-03-27",
        "url": "https://support.hp.com/us-en/document/ish_7869666-7869691-16/HPSBPI03837"
      }
    ],
    "source_lang": "en-US",
    "title": "HP DesignJet und PageWide XL: Schwachstelle erm\u00f6glicht Offenlegung von Informationen",
    "tracking": {
      "current_release_date": "2023-03-27T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:47:27.375+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0779",
      "initial_release_date": "2023-03-27T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-03-27T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HP DesignJet TAA compliant",
            "product": {
              "name": "HP DesignJet TAA compliant",
              "product_id": "T026947",
              "product_identification_helper": {
                "cpe": "cpe:/h:hp:designjet:::taa_compliant"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HP"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-1526",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in bestimmten HP DesignJet und PageWide XL Produkten, die eine \"TAA Compliance\" haben. Ein Angreifer kann nach physikalischem Entfernen der im Ger\u00e4t verbauten Festplatte die darauf gespeicherten Informationen auslesen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T026947"
        ]
      },
      "release_date": "2023-03-27T22:00:00.000+00:00",
      "title": "CVE-2023-1526"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-1526 (GCVE-0-2023-1526)

FKIE_CVE-2023-1526

GHSA-VR7W-HJQ6-6HC3

GSD-2023-1526

WID-SEC-W-2023-0779

Tags

Sightings

Nomenclature