Over 150 models of Lexmark printers have critical flaws
Take action: Time to check your Lexmark printers, if you find yours on the list, update the firmware. Your printers are probably already isolated from the internet, but in a large office (or even home) network they are easily visible and can be attacked by a malware entering somewhere else.
Learn More
Lexmark has issued a firmware update to address four critical remote code execution (RCE) vulnerabilities affecting more than 150 printer models.
- The primary vulnerability, tracked as CVE-2023-50737 (CVSS score 9.1), is found within the SE menu of Lexmark printers, which Lexmark describes as crucial for diagnosing device errors. This vulnerability could potentially allow attackers to execute arbitrary code through one of the menu routines. Lexmark advises that access to the SE menu should be limited to trusted users to mitigate risks.
- Additionally, the printers have three critical vulnerabilities within their PostScript interpreters, identified as CVE-2023-50736, CVE-2023-50735, and CVE-2023-50734, CVSS score 9.0). These vulnerabilities are related to heap corruption, memory corruption, and buffer overflow, respectively, in the PostScript interpreter. Like CVE-2023-50737, these vulnerabilities do not have any workarounds and require firmware updates to secure the printers against potential exploits.
The firmware update, detailed in Lexmark's release notes for the FW23.0 (230.207), addresses these vulnerabilities alongside other security and performance improvements. Lexmark users are urged to read the firmware upgrade reminders and apply the necessary updates to safeguard their devices.
List of affected printers
- - CX930, CX931, CX942, CX943, CX944
- - XC9325, XC9335, XC9445, XC9455, XC9465
- - CS943
- - MX432
- - XM3142
- - MX931
- - CX730, CX735, CX737
- - XC4342, XC4352
- - CS730, CS735, CS737
- - C4342, C4352
- - B2236
- - MB2236
- - MS331, MS431, MS439
- - M1342
- - B3442, B3340
- - XM1342
- - MX331, MX431
- - MB3442
- - MS321, MS421, MS521, MS621
- - M1242, M1246
- - B2338, B2442, B2546, B2650
- - MS622
- - M3250
- - MX321
- - MB2338
- - MX421, MX521, MX522, MX622
- - XM1242, XM1246, XM3250
- - MB2442, MB2546, MB2650
- - MS725, MS821, MS823, MS825
- - B2865
- - MS822, MS826
- - M5255, M5270
- - MX721, MX722, MX725, MX822, MX826
- - XM5365, XM5370, XM7355, XM7370
- - MB2770
- - C3426
- - CS431, CS439
- - CS331
- - C3224, C3326
- - C2326
- - MC3426 (listed twice)
- - CX431
- - XC2326
- - MC3224, MC3326
- - CX331
- - CS622
- - C2240
- - CS421, CS521
- - C2325, C2425, C2535
- - CX522, CX622, CX625
- - XC2235, XC4240
- - MC2535, MC2640
- - CX421
- - MC2325, MC2425
- - CX820, CX825, CX827, CX860
- - XC6152, XC6153, XC8155, XC8160, XC8163
- - CS820, CS827
- - C6160
- - CS720, CS725, CS727, CS728
- - C4150
- - CX725, CX727
- - XC4140, XC4143, XC4150, XC4153
- - CS921, CS923, CS927
- - C9235
- - CX920, CX921, CX922, CX923, CX924
- - XC9225, XC9235, XC9245, XC9255, XC9265
- - MS531, MS631
- - MS632, M3350
- - MX532, MX632, XM3350
- - CS531, C2335
- - CS632
- - CX532, CX635, XC2335
