HP Inc.
1501 Page Mill Road
Palo Alto, CA 94304
HP.com
Security Advisory
HP Enterprise Printing Communication:
Meltdown & Spectre CPU Vulnerabilities
Jan 17th , 2018
On January 3rd, 2018 Google’s Project Zero and academic institutions announced vulnerabilities in
common CPU platforms. The vulnerabilities impact Intel x86 processors and certain AMD and ARM
processors.
The Spectre and Meltdown vulnerabilities affect microprocessors utilizing speculative execution
and indirect branch prediction. It may allow unauthorized disclosure of information to an attacker
with local user access via a side-channel analysis.
These vulnerabilities could allow a malicious process to read memory of other software
processes. This would require installation of malicious code to perform a successful exploit.
The following security features mitigate loading untrusted or tampered code on HP devices:
o Digital signing of printer firmware and firmware updates
o Digital signing of printer solutions code
o HP SureStart and Secure Boot / ROM based code validation
o Whitelisting and Code Integrity Validation
o Runtime Intrusion Detection
o Run-time Code Integrity that ensures Executable Memory is Write-Protected
For additional information on these security features see the References section
The following HP print devices use x86 and ARM processors that are susceptible to these
vulnerabilities. One or more of the above security features mitigate loading untrusted or
tampered code on these devices.
HP LaserJet Enterprise printers and multifunction printers
HP LaserJet Enterprise pre-FutureSmart printers and multifunction printers
HP LaserJet Pro printers and multifunction printers
HP PageWide Enterprise printers and multifunction printers
Version 1.3 Public
HP PageWide Pro printers and multifunction printers
HP LaserJet Managed multifunction printers
HP PageWide Managed printers and multifunction printers
HP Digital Senders and Document Capture Workstations
HP OfficeJet Pro printers
HP Designjet Series printers
HP PageWide XL Series printers
HP HD / SD Pro Scanners
HP Latex printers
For a complete device listing see Appendix A.
HP Software Solutions
HP Software Solutions rely on their host servers and are not directly impacted by the CPU vulnerabilities.
Patches or remediation recommendations should be followed from Microsoft® and other operating systems
providers.
Recommended Actions
HP will evaluate implementation of code fixes from CPU and operating system vendors as they
become available for HP printing device architectures.
The following actions further protect against installation of malicious code.
Note: Not all setting available on all devices
Configure local administrator password (EWS)
Disable Printer Updates
Disable PJL Disk Access and Postscript Disk Access
Disable NFS
Disable FTP
Stay Informed
Subscribe to HP real-time security information: All HP products use a common centralized
Security Bulletin process managed by HP´s Product Security Response Team (PSRT). Subscribe to
HP Security Bulletins by following these steps:
1. Go to http://www.hp.com/go/support.
2. Click Get software and drivers.
3. Find your product.
2
4. Scroll to the bottom of the page and under Other support resources, click Sign up for
driver, support & security alerts.
5. Follow the onscreen prompts to sign up for alerts.
References
o Spectre Vulnerability - CVE-2017-5753; CVE-2017-5715
o Meltdown Vulnerability - CVE-2017-5754
o https://spectreattack.com/
o HPI PC Security Bulletin
o HP SureStart, Whitelisting and Intrusion Detection security features
o HP LaserJet Pro - Embedded security features
Appendix A
HP LaserJet Enterprise printers and multifunction printers
HP PageWide Enterprise printers and multifunction printers
HP Digital Senders and Document Capture Workstations
HP Color LaserJet CM4540 MFP HP LaserJet Enterprise M527
HP Color LaserJet CP5525 HP LaserJet Enterprise M604
HP Color LaserJet Enterprise Flow MFP M681 HP LaserJet Enterprise M605
HP Color LaserJet Enterprise Flow MFP M682 HP LaserJet Enterprise M606
HP Color LaserJet Enterprise M552 HP LaserJet Enterprise M607
HP Color LaserJet Enterprise M553 HP LaserJet Enterprise M608
HP Color LaserJet Enterprise M651 HP LaserJet Enterprise M609
HP Color LaserJet Enterprise M652 HP LaserJet Enterprise M806
HP Color LaserJet Enterprise M653 HP LaserJet Enterprise MFP M630
HP Color LaserJet Enterprise M750 HP LaserJet Enterprise MFP M631
HP Color LaserJet Enterprise MFP M577 HP LaserJet Enterprise MFP M632
HP Color LaserJet Enterprise MFP M681 HP LaserJet Enterprise MFP M633
HP Color LaserJet Enterprise MFP M682 HP LaserJet Enterprise MFP M725
HP Color LaserJet M680 HP Digital Sender Flow 8500 fn2 Doc Capture WS
HP LaserJet Enterprise 500 color MFP M575 HP OfficeJet Enterprise Color Flow MFP X585
HP LaserJet Enterprise 500 MFP M525 HP OfficeJet Enterprise Color MFP X585
HP LaserJet Enterprise 600 M601 HP OfficeJet Enterprise Color X555
HP LaserJet Enterprise 600 M602 HP PageWide Enterprise Color 765
HP LaserJet Enterprise 600 M603 HP PageWide Enterprise Color MFP 586
HP LaserJet Enterprise 700 color MFP M775 series HP PageWide Enterprise Color MPF 780
HP LaserJet Enterprise 700 M712 HP PageWide Enterprise Color MPF 785
HP LaserJet Enterprise 800 color M855 HP PageWide Enterprise Color X556
HP LaserJet Enterprise 800 color MFP M880 HP LaserJet Enterprise Flow MFP M633
HP LaserJet Enterprise Color 500 M551 Series HP LaserJet Enterprise M4555 MFP
3
HP LaserJet Enterprise printers and multifunction printers
HP PageWide Enterprise printers and multifunction printers
HP Digital Senders and Document Capture Workstations
HP LaserJet Enterprise color flow MFP M575 HP LaserJet Enterprise M506
HP LaserJet Enterprise flow M830z MFP HP Scanjet Enterprise 7000n
HP LaserJet Enterprise flow MFP M525 HP Scanjet Enterprise 8500 Doc Capture WS
HP LaserJet Enterprise Flow MFP M630 HP ScanJet Enterprise Flow N9120 Doc Scanner
HP LaserJet Enterprise Flow MFP M631 HP LaserJet Enterprise Flow MFP M632
HP LaserJet Enterprise pre-FutureSmart printers and multifunction printers
HP Color LaserJet Enterprise CP4025 HP Color LaserJet Enterprise CP4525
HP Color LaserJet Enterprise CP4520
HP LaserJet Managed multifunction printers
HP PageWide Managed Color Flow MFP 586 HP PageWide Managed Color Flow MFP E58650
HP PageWide Managed Color MFP E58650 HP PageWide Managed Color Flow MFP E77660
HP PageWide Managed Color MFP E77650 HP PageWide Managed Color Flow MFP E77650
HP PageWide Managed Color E75160 HP PageWide Managed Color E55650
HP LaserJet Managed MFP E62555 HP LaserJet Managed MFP E62565
HP Color LaserJet Managed E65050 HP LaserJet Managed E60055
HP Color LaserJet Managed E65060 HP LaserJet Managed E60065
HP Color LaserJet Managed Flow MFP E67550 HP LaserJet Managed E60075
HP Color LaserJet Managed Flow MFP E67560 HP LaserJet Managed Flow MFP E62555
HP Color LaserJet Managed MFP E67550 HP LaserJet Managed Flow MFP E62565
HP Color LaserJet Managed MFP E67560 HP LaserJet Managed Flow MFP E62575
HP LaserJet Managed MFP E72525 HP Color LaserJet Managed MFP E77822
HP LaserJet Managed Flow MFP E72525 HP Color LaserJet Managed Flow MFP E77822
HP LaserJet Managed MFP E72530 HP Color LaserJet Managed MFP E77825
HP LaserJet Managed Flow MFP E72530 HP Color LaserJet Managed Flow MFP E77825
HP LaserJet Managed MFP E72535 HP Color LaserJet Managed MFP E77830
HP LaserJet Managed Flow MFP E72535 HP Color LaserJet Managed Flow MFP E77830
HP LaserJet Managed MFP E82540 HP Color LaserJet Managed MFP E87640
HP LaserJet Managed Flow MFP E82540 HP Color LaserJet Managed Flow MFP E87640
HP LaserJet Managed MFP E82550 HP Color LaserJet Managed MFP E87650
HP LaserJet Managed Flow MFP E82550 HP Color LaserJet Managed Flow MFP E87650
HP LaserJet Managed MFP E82560 HP Color LaserJet Managed MFP E87660
HP LaserJet Managed Flow MFP E82560 HP Color LaserJet Managed Flow MFP E87660
4
HP LaserJet Pro printers and multifunction printers
HP LaserJet M15 Printer HP Color LaserJet Pro MFP M277dw
HP LaserJet M16 Printer HP LaserJet Pro M225rdn
HP LaserJet MFP M28 Printer HP LaserJet Pro M226dn
HP LaserJet MFP M29 Printer HP LaserJet Pro M201
HP Color LaserJet Pro M154 HP LaserJet Pro M202
HP Color LaserJet Pro M254 HP Color LaserJet Pro MFP M176
HP Color LaserJet Pro MFP M180 HP Color LaserJet Pro MFP M177
HP Color LaserJet Pro MFP M181 HP LaserJet Pro MFP M125
HP Color LaserJet Pro MFP M280 HP LaserJet Pro MFP M126
HP Color LaserJet Pro MFP M281 HP LaserJet Pro MFP M127
HP LaserJet Pro MFP M26 HP LaserJet Pro MFP M128
HP LaserJet Pro M12 Printer HP LaserJet Pro M701 Printer
HP LaserJet Pro M102 HP LaserJet Pro M706 Printer
HP LaserJet Pro M104 HP Color LaserJet Pro MFP M476
HP LaserJet Ultra M106 HP LaserJet Pro M435 MFP
HP LaserJet Pro MFP M130 HP LaserJet Pro M521 MFP
HP LaserJet Pro MFP M132 HP LaserJet Pro 500 color MFP M570
HP LaserJet Ultra MFP M134 HP LaserJet Pro 400 M401
HP LaserJet Pro M203dn HP LaserJet Pro 400 MFP M425
HP LaserJet Ultra M206dn HP LaserJet Pro 200 color MFP M276
HP LaserJet Pro MFP M227sdn HP LaserJet Pro 200 color Printer M251
HP LaserJet Ultra MFP M230sdn HP LaserJet 100 color MFP M175
HP LaserJet Pro M501n HP LaserJet 300 color M351
HP Color LaserJet Pro M452dn HP LaserJet 400 color M451
HP Color LaserJet Pro MFP M377dw LaserJet Pro 300 Color MFP M375
HP Color LaserJet Pro MFP M477fdn LaserJet Pro 400 Color MFP M475
HP LaserJet Pro M402dn HP TopShot LaserJet Pro M275 MFP
HP LaserJet Pro M403dw HP LaserJet Pro P1102
HP LaserJet Pro MFP M427dw HP LaserJet Pro CP1025
HP LaserJet Pro MFP M426fdw HP LaserJet Professional M1136 MFP
HP Color LaserJet Pro M252n HP LaserJet Pro CM1415 MFP
HP Color LaserJet Pro MFP M274n HP LaserJet Pro CP1525
5
HP PageWide Pro printers and multifunction printers
HP PageWide Managed printers, HP OfficeJet Pro printers
HP PageWide Pro 750 HP PageWide Pro 552 Printer
HP PageWide Managed P75050 HP PageWide Managed P55250
HP PageWide Pro MFP 772 HP PageWide Pro 577 MFP
HP PageWide Managed MFP P77740 HP PageWide MFP P57750
HP PageWide Managed MFP P77750 HP PageWide Pro 577 MFP
HP PageWide Managed MFP P77760 HP OfficeJet Pro 8210
HP PageWide Pro 477 MFP HP OfficeJet Pro 8740
HP PageWide 377d MFP HP OfficeJet Pro 8730
HP PageWide Pro 452 Printer HP OfficeJet Pro 8732M
HP PageWide 352d Printer HP DesignJet T730
HP PageWide Pro 452 Printer HP Designjet T830 MFP
HP OfficeJet Pro 7740 Wide Format All-in-One HP OfficeJet Pro 7720 Wide Format All-in-One
HP OfficeJet Pro 7730 Wide Format All-in-One
HP Designjet Series Printers, PageWide XL Series Printers
HP Latex Printers, HP HD / SD Pro Scanners
HP Designjet T3500 Printer HP Latex 560 Printer
HP Designjet T1700 Printer HP Latex 570 Printer
HP Designjet T730 Printer HP Latex 1500 Printer
HP Designjet T830 Printer HP Latex 3100 Printer
PageWide XL Series Printers HP Latex 3500 Printer
HP Latex 3200 Printer HP HD Pro 42 in Scanner Printer
HP Latex 3600 Printer HP SD Pro 42 in Scanner Printer
Rev.4
© 2018 HP Development Company, L.P. The information contained herein is subject to change without notice. The only warranties
for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing
herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or
omissions contained herein.
6
Loading...