Detections
Analytics

Lexmark Printers Server-Side Request Forgery (SSRF) (CVE-2023-23560)

critical Tenable OT Security Plugin ID 503867

Synopsis

The remote OT asset is affected by a vulnerability.

Description

In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

http://www.nessus.org/u?47214309

https://support.lexmark.com/alerts/

Plugin Details

Severity: Critical

ID: 503867

Version: 1.1

Type: remote

Family: Tenable.ot

Published: 11/5/2025

Updated: 11/5/2025

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/o:lexmark:cs439_firmware, cpe:/o:lexmark:mb2338_firmware, cpe:/o:lexmark:cx431_firmware, cpe:/o:lexmark:mx432_firmware, cpe:/o:lexmark:xm3142_firmware, cpe:/o:lexmark:mb2546_firmware, cpe:/o:lexmark:mb2770_firmware, cpe:/o:lexmark:mc2535_firmware, cpe:/o:lexmark:mx522_firmware, cpe:/o:lexmark:cs927_firmware, cpe:/o:lexmark:c2326_firmware, cpe:/o:lexmark:xc9265_firmware, cpe:/o:lexmark:xc8155_firmware, cpe:/o:lexmark:cx860_firmware, cpe:/o:lexmark:xc4150_firmware, cpe:/o:lexmark:b2546_firmware, cpe:/o:lexmark:c2240_firmware, cpe:/o:lexmark:mx521_firmware, cpe:/o:lexmark:ms821_firmware, cpe:/o:lexmark:xm5365_firmware, cpe:/o:lexmark:cx820_firmware, cpe:/o:lexmark:b2338_firmware, cpe:/o:lexmark:ms421_firmware, cpe:/o:lexmark:xm1246_firmware, cpe:/o:lexmark:mx931_firmware, cpe:/o:lexmark:cx331_firmware, cpe:/o:lexmark:mb2236_firmware, cpe:/o:lexmark:ms431_firmware, cpe:/o:lexmark:mx721_firmware, cpe:/o:lexmark:b2236_firmware, cpe:/o:lexmark:c9235_firmware, cpe:/o:lexmark:b3442_firmware, cpe:/o:lexmark:ms725_firmware, cpe:/o:lexmark:cx921_firmware, cpe:/o:lexmark:xc4240_firmware, cpe:/o:lexmark:cx924_firmware, cpe:/o:lexmark:xc9225_firmware, cpe:/o:lexmark:xc9455_firmware, cpe:/o:lexmark:xc9465_firmware, cpe:/o:lexmark:mb3442_firmware, cpe:/o:lexmark:xc2235_firmware, cpe:/o:lexmark:xc9255_firmware, cpe:/o:lexmark:m5255_firmware, cpe:/o:lexmark:cs431_firmware, cpe:/o:lexmark:cx421_firmware, cpe:/o:lexmark:cx622_firmware, cpe:/o:lexmark:ms331_firmware, cpe:/o:lexmark:cs921_firmware, cpe:/o:lexmark:ms826_firmware, cpe:/o:lexmark:cx923_firmware, cpe:/o:lexmark:xc8160_firmware, cpe:/o:lexmark:mc2640_firmware, cpe:/o:lexmark:cx522_firmware, cpe:/o:lexmark:xc9235_firmware, cpe:/o:lexmark:mx421_firmware, cpe:/o:lexmark:cs622_firmware, cpe:/o:lexmark:mc3326_firmware, cpe:/o:lexmark:xc6153_firmware, cpe:/o:lexmark:cs820_firmware, cpe:/o:lexmark:cs421_firmware, cpe:/o:lexmark:cs923_firmware, cpe:/o:lexmark:xc9445_firmware, cpe:/o:lexmark:cx725_firmware, cpe:/o:lexmark:b3340_firmware, cpe:/o:lexmark:ms825_firmware, cpe:/o:lexmark:cs727_firmware, cpe:/o:lexmark:ms321_firmware, cpe:/o:lexmark:mx331_firmware, cpe:/o:lexmark:ms621_firmware, cpe:/o:lexmark:ms823_firmware, cpe:/o:lexmark:xc2326_firmware, cpe:/o:lexmark:xc9335_firmware, cpe:/o:lexmark:cs521_firmware, cpe:/o:lexmark:mb2650_firmware, cpe:/o:lexmark:cx920_firmware, cpe:/o:lexmark:c3326_firmware, cpe:/o:lexmark:c3426_firmware, cpe:/o:lexmark:mx622_firmware, cpe:/o:lexmark:xc9245_firmware, cpe:/o:lexmark:m5270_firmware, cpe:/o:lexmark:xc4352_firmware, cpe:/o:lexmark:mc3426_firmware, cpe:/o:lexmark:xc8163_firmware, cpe:/o:lexmark:b2865_firmware, cpe:/o:lexmark:cx922_firmware, cpe:/o:lexmark:mx321_firmware, cpe:/o:lexmark:xm1242_firmware, cpe:/o:lexmark:c6160_firmware, cpe:/o:lexmark:ms622_firmware, cpe:/o:lexmark:xc6152_firmware, cpe:/o:lexmark:cx944_firmware, cpe:/o:lexmark:c2535_firmware, cpe:/o:lexmark:cs720_firmware, cpe:/o:lexmark:cs827_firmware, cpe:/o:lexmark:xc4153_firmware, cpe:/o:lexmark:cs331_firmware, cpe:/o:lexmark:c2425_firmware, cpe:/o:lexmark:m1242_firmware, cpe:/o:lexmark:mx826_firmware, cpe:/o:lexmark:xc4143_firmware, cpe:/o:lexmark:ms521_firmware, cpe:/o:lexmark:c3224_firmware, cpe:/o:lexmark:mc2325_firmware, cpe:/o:lexmark:mx722_firmware, cpe:/o:lexmark:xc4140_firmware, cpe:/o:lexmark:cs728_firmware, cpe:/o:lexmark:mc2425_firmware, cpe:/o:lexmark:cx825_firmware, cpe:/o:lexmark:xm3250_firmware, cpe:/o:lexmark:m3250_firmware, cpe:/o:lexmark:c4150_firmware, cpe:/o:lexmark:mb2442_firmware, cpe:/o:lexmark:xm1342_firmware, cpe:/o:lexmark:cx727_firmware, cpe:/o:lexmark:mx431_firmware, cpe:/o:lexmark:cx625_firmware, cpe:/o:lexmark:m1246_firmware, cpe:/o:lexmark:b2650_firmware, cpe:/o:lexmark:c2325_firmware, cpe:/o:lexmark:cs725_firmware, cpe:/o:lexmark:mc3224_firmware, cpe:/o:lexmark:mx822_firmware, cpe:/o:lexmark:b2442_firmware, cpe:/o:lexmark:xm7370_firmware, cpe:/o:lexmark:xm7355_firmware, cpe:/o:lexmark:ms822_firmware, cpe:/o:lexmark:m1342_firmware, cpe:/o:lexmark:xc4342_firmware

Required KB Items: Tenable.ot/Lexmark

Exploit Ease: No known exploits are available

Patch Publication Date: 1/23/2023

Vulnerability Publication Date: 1/23/2023

Reference Information

CVE: CVE-2023-23560

CWE: 20, 918