HP PageWide and OfficeJet Printers Local Code Execution (CVE-2020-28416)

high Tenable OT Security Plugin ID 503301

Synopsis

The remote OT asset is affected by a vulnerability.

Description

HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially allow unauthorized local code execution.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

https://support.hp.com/us-en/document/c07051163

Plugin Details

Severity: High

ID: 503301

Version: 1.1

Type: remote

Family: Tenable.ot

Published: 7/28/2025

Updated: 7/28/2025

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-28416

CVSS v3

Risk Factor: High

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/o:hp:officejet_pro_6960_t0f32a_firmware, cpe:/o:hp:officejet_pro_6960_t0f31a_firmware, cpe:/o:hp:officejet_pro_6970_t0f40a_firmware, cpe:/o:hp:officejet_pro_8715_k7s37a_firmware, cpe:/o:hp:officejet_pro_8720_k7s36a_firmware, cpe:/o:hp:officejet_pro_6970_j7k34a_firmware, cpe:/o:hp:officejet_pro_6970_j7k40a_firmware, cpe:/o:hp:officejet_pro_8716_j6x81a_firmware, cpe:/o:hp:officejet_pro_6970_t0f29a_firmware, cpe:/o:hp:officejet_pro_6970_t0f34a_firmware, cpe:/o:hp:officejet_pro_7745_t1p99a_firmware, cpe:/o:hp:officejet_pro_8740_d9l21a_firmware, cpe:/o:hp:officejet_pro_6960_t0f30a_firmware, cpe:/o:hp:officejet_pro_6970_t0f33a_firmware, cpe:/o:hp:officejet_pro_6960_t0g26a_firmware, cpe:/o:hp:officejet_pro_6970_t0f37a_firmware, cpe:/o:hp:officejet_pro_8744_k7s39a_firmware, cpe:/o:hp:officejet_pro_8720_m9l74a_firmware, cpe:/o:hp:officejet_pro_6835_j2d37a_firmware, cpe:/o:hp:officejet_pro_6960_t0f28a_firmware, cpe:/o:hp:officejet_pro_7740_g5j38a_firmware, cpe:/o:hp:officejet_pro_8710_m9l66a_firmware, cpe:/o:hp:officejet_pro_8715_j6x78a_firmware, cpe:/o:hp:officejet_pro_6960_t0f38a_firmware, cpe:/o:hp:officejet_pro_8725_m9l80a_firmware, cpe:/o:hp:officejet_pro_6960_j7k37a_firmware, cpe:/o:hp:officejet_pro_8715_m9l70a_firmware, cpe:/o:hp:officejet_pro_8732m_t0g59a_firmware, cpe:/o:hp:officejet_pro_6960_t0g25a_firmware, cpe:/o:hp:officejet_pro_8740_k7s42a_firmware, cpe:/o:hp:officejet_pro_8720_m9l76a_firmware, cpe:/o:hp:officejet_pro_6960_j7k33a_firmware, cpe:/o:hp:officejet_pro_8720_k7s35a_firmware, cpe:/o:hp:officejet_pro_8720_d9l19a_firmware, cpe:/o:hp:officejet_pro_8717_k7s38a_firmware, cpe:/o:hp:officejet_pro_8725_j7a31a_firmware, cpe:/o:hp:officejet_pro_8725_k7s34a_firmware, cpe:/o:hp:officejet_pro_8712_t0g46a_firmware, cpe:/o:hp:officejet_pro_6960_j7k39a_firmware, cpe:/o:hp:officejet_pro_8728_t0g54a_firmware, cpe:/o:hp:officejet_pro_8745_j6x83a_firmware, cpe:/o:hp:officejet_pro_8717_m9l65a_firmware, cpe:/o:hp:officejet_pro_8745_k7s43a_firmware, cpe:/o:hp:officejet_pro_8715_j6x76a_firmware, cpe:/o:hp:officejet_pro_6830c_l3l04a_firmware, cpe:/o:hp:officejet_pro_6960_j7k38a_firmware, cpe:/o:hp:officejet_pro_8732m_t0g57a_firmware, cpe:/o:hp:officejet_pro_6830_e3e02a_firmware, cpe:/o:hp:officejet_pro_873_d9l20a_firmware, cpe:/o:hp:officejet_pro_8720_m9l75a_firmware, cpe:/o:hp:officejet_pro_6960_t0f36a_firmware, cpe:/o:hp:officejet_pro_6970_j7k41a_firmware, cpe:/o:hp:officejet_pro_8719_t0g49a_firmware, cpe:/o:hp:officejet_pro_8716_j6x77a_firmware, cpe:/o:hp:officejet_pro_6960_j7k35a_firmware, cpe:/o:hp:officejet_pro_6970_t0f35a_firmware, cpe:/o:hp:officejet_pro_8710_j6x79a_firmware, cpe:/o:hp:officejet_pro_6970_t0f39a_firmware, cpe:/o:hp:officejet_pro_8725_j7a28a_firmware, cpe:/o:hp:officejet_pro_8746_k7s40a_firmware, cpe:/o:hp:officejet_pro_8710_d9l18a_firmware, cpe:/o:hp:officejet_pro_8747_k7s41a_firmware, cpe:/o:hp:officejet_pro_8718_t0g48a_firmware, cpe:/o:hp:officejet_pro_8715_j6x80a_firmware, cpe:/o:hp:officejet_pro_6970_j7k42a_firmware, cpe:/o:hp:officejet_pro_8710_m9l67a_firmware, cpe:/o:hp:officejet_pro_8732m_t0g56a_firmware, cpe:/o:hp:officejet_pro_6830_m0f56a_firmware, cpe:/o:hp:officejet_pro_8743_t0g65a_firmware, cpe:/o:hp:officejet_pro_8718_t0g47a_firmware, cpe:/o:hp:officejet_pro_6970_j7k36a_firmware, cpe:/o:hp:officejet_pro_8732m_t0g58a_firmware, cpe:/o:hp:officejet_pro_8727_j7a29a_firmware

Required KB Items: Tenable.ot/HP

Exploit Ease: No known exploits are available

Patch Publication Date: 11/3/2021

Vulnerability Publication Date: 11/3/2021

Reference Information

CVE: CVE-2020-28416