CVE-2023-40239 - Vulnerability Details

Description

Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to remediate the vulnerability.

Published: 2023-09-01

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:lexmark:c2132_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:c2132:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lexmark:cs310_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:cs310:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:lexmark:cs317_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:cs317:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:lexmark:cs410_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:cs410:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:lexmark:cs417_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:cs417:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:lexmark:cs510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:cs510:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:lexmark:cs517_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:cs517:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:lexmark:cx310_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:cx310:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:lexmark:cx317_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:cx317:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:lexmark:cx410_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:cx410:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:lexmark:cx417_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:cx417:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:lexmark:cx510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:cx510:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:lexmark:cx517_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:cx517:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:lexmark:m1140\+_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:m1140\+:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:lexmark:m1140_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:m1140:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:lexmark:m1145_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:m1145:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:lexmark:m3150de_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:m3150de:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:lexmark:m3150dn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:m3150dn:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:lexmark:m5155_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:m5155:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:lexmark:m5163de_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:m5163de:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:lexmark:m5163dn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:m5163dn:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:lexmark:m5170_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:m5170:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:lexmark:ms310_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms310:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:lexmark:ms312_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms312:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:lexmark:ms315_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms315:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:lexmark:ms317_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms317:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:lexmark:ms410_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms410:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:lexmark:ms415_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms415:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:lexmark:ms417_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms417:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:lexmark:ms510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms510:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:lexmark:ms517_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms517:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:lexmark:ms610de_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms610de:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:lexmark:ms610dn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms610dn:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:lexmark:ms617_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms617:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:lexmark:ms710_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms710:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:lexmark:ms711_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms711:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:lexmark:ms810de_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms810de:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:lexmark:ms810dn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms810dn:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:o:lexmark:ms811_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms811:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND

cpe:2.3:o:lexmark:ms812de_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms812de:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND

cpe:2.3:o:lexmark:ms812dn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms812dn:-:*:*:*:*:*:*:*

Configuration 42 [-]

AND

cpe:2.3:o:lexmark:ms817_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms817:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND

cpe:2.3:o:lexmark:ms818_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms818:-:*:*:*:*:*:*:*

Configuration 44 [-]

AND

cpe:2.3:o:lexmark:ms911_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms911:-:*:*:*:*:*:*:*

Configuration 45 [-]

AND

cpe:2.3:o:lexmark:mx310_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx310:-:*:*:*:*:*:*:*

Configuration 46 [-]

AND

cpe:2.3:o:lexmark:mx317_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx317:-:*:*:*:*:*:*:*

Configuration 47 [-]

AND

cpe:2.3:o:lexmark:mx410_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx410:-:*:*:*:*:*:*:*

Configuration 48 [-]

AND

cpe:2.3:o:lexmark:mx417_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx417:-:*:*:*:*:*:*:*

Configuration 49 [-]

AND

cpe:2.3:o:lexmark:mx510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx510:-:*:*:*:*:*:*:*

Configuration 50 [-]

AND

cpe:2.3:o:lexmark:mx511_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx511:-:*:*:*:*:*:*:*

Configuration 51 [-]

AND

cpe:2.3:o:lexmark:mx517_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx517:-:*:*:*:*:*:*:*

Configuration 52 [-]

AND

cpe:2.3:o:lexmark:mx610_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx610:-:*:*:*:*:*:*:*

Configuration 53 [-]

AND

cpe:2.3:o:lexmark:mx611_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx611:-:*:*:*:*:*:*:*

Configuration 54 [-]

AND

cpe:2.3:o:lexmark:mx617_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx617:-:*:*:*:*:*:*:*

Configuration 55 [-]

AND

cpe:2.3:o:lexmark:mx710_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx710:-:*:*:*:*:*:*:*

Configuration 56 [-]

AND

cpe:2.3:o:lexmark:mx711_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx711:-:*:*:*:*:*:*:*

Configuration 57 [-]

AND

cpe:2.3:o:lexmark:mx717_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx717:-:*:*:*:*:*:*:*

Configuration 58 [-]

AND

cpe:2.3:o:lexmark:mx718_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx718:-:*:*:*:*:*:*:*

Configuration 59 [-]

AND

cpe:2.3:o:lexmark:mx810_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx810:-:*:*:*:*:*:*:*

Configuration 60 [-]

AND

cpe:2.3:o:lexmark:mx811_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx811:-:*:*:*:*:*:*:*

Configuration 61 [-]

AND

cpe:2.3:o:lexmark:mx812_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx812:-:*:*:*:*:*:*:*

Configuration 62 [-]

AND

cpe:2.3:o:lexmark:mx910_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx910:-:*:*:*:*:*:*:*

Configuration 63 [-]

AND

cpe:2.3:o:lexmark:mx911_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx911:-:*:*:*:*:*:*:*

Configuration 64 [-]

AND

cpe:2.3:o:lexmark:mx912_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx912:-:*:*:*:*:*:*:*

Configuration 65 [-]

AND

cpe:2.3:o:lexmark:xc2130_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xc2130:-:*:*:*:*:*:*:*

Configuration 66 [-]

AND

cpe:2.3:o:lexmark:xc2132_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xc2132:-:*:*:*:*:*:*:*

Configuration 67 [-]

AND

cpe:2.3:o:lexmark:xm1135_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xm1135:-:*:*:*:*:*:*:*

Configuration 68 [-]

AND

cpe:2.3:o:lexmark:xm1140_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xm1140:-:*:*:*:*:*:*:*

Configuration 69 [-]

AND

cpe:2.3:o:lexmark:xm1145_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xm1145:-:*:*:*:*:*:*:*

Configuration 70 [-]

AND

cpe:2.3:o:lexmark:xm3150_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xm3150:-:*:*:*:*:*:*:*

Configuration 71 [-]

AND

cpe:2.3:o:lexmark:xm5163_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xm5163:-:*:*:*:*:*:*:*

Configuration 72 [-]

AND

cpe:2.3:o:lexmark:xm5170_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xm5170:-:*:*:*:*:*:*:*

Configuration 73 [-]

AND

cpe:2.3:o:lexmark:xm5263_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xm5263:-:*:*:*:*:*:*:*

Configuration 74 [-]

AND

cpe:2.3:o:lexmark:xm5270_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xm5270:-:*:*:*:*:*:*:*

Configuration 75 [-]

AND

cpe:2.3:o:lexmark:xm7155_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xm7155:-:*:*:*:*:*:*:*

Configuration 76 [-]

AND

cpe:2.3:o:lexmark:xm7163_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xm7163:-:*:*:*:*:*:*:*

Configuration 77 [-]

AND

cpe:2.3:o:lexmark:xm7170_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xm7170:-:*:*:*:*:*:*:*

Configuration 78 [-]

AND

cpe:2.3:o:lexmark:xm7263_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xm7263:-:*:*:*:*:*:*:*

Configuration 79 [-]

AND

cpe:2.3:o:lexmark:xm7270_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xm7270:-:*:*:*:*:*:*:*

Configuration 80 [-]

AND

cpe:2.3:o:lexmark:xm9145_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xm9145:-:*:*:*:*:*:*:*

Configuration 81 [-]

AND

cpe:2.3:o:lexmark:xm9155_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xm9155:-:*:*:*:*:*:*:*

Configuration 82 [-]

AND

cpe:2.3:o:lexmark:xm9165_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xm9165:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-44836	Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80..P246, i.e., '' indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to remediate the vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0027.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://publications.lexmark.com/publications/security-alerts/CVE-2023-40239.pdf

History

Tue, 01 Oct 2024 15:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Subscriptions

Lexmark C2132 C2132 Firmware Cs310 Cs310 Firmware Cs317 Cs317 Firmware Cs410 Cs410 Firmware Cs417 Cs417 Firmware Cs510 Cs510 Firmware Cs517 Cs517 Firmware Cx310 Cx310 Firmware Cx317 Cx317 Firmware Cx410 Cx410 Firmware Cx417 Cx417 Firmware Cx510 Cx510 Firmware Cx517 Cx517 Firmware M1140 M1140\+ M1140\+ Firmware M1140 Firmware M1145 M1145 Firmware M3150de M3150de Firmware M3150dn M3150dn Firmware M5155 M5155 Firmware M5163de M5163de Firmware M5163dn M5163dn Firmware M5170 M5170 Firmware Ms310 Ms310 Firmware Ms312 Ms312 Firmware Ms315 Ms315 Firmware Ms317 Ms317 Firmware Ms410 Ms410 Firmware Ms415 Ms415 Firmware Ms417 Ms417 Firmware Ms510 Ms510 Firmware Ms517 Ms517 Firmware Ms610de Ms610de Firmware Ms610dn Ms610dn Firmware Ms617 Ms617 Firmware Ms710 Ms710 Firmware Ms711 Ms711 Firmware Ms810de Ms810de Firmware Ms810dn Ms810dn Firmware Ms811 Ms811 Firmware Ms812de Ms812de Firmware Ms812dn Ms812dn Firmware Ms817 Ms817 Firmware Ms818 Ms818 Firmware Ms911 Ms911 Firmware Mx310 Mx310 Firmware Mx317 Mx317 Firmware Mx410 Mx410 Firmware Mx417 Mx417 Firmware Mx510 Mx510 Firmware Mx511 Mx511 Firmware Mx517 Mx517 Firmware Mx610 Mx610 Firmware Mx611 Mx611 Firmware Mx617 Mx617 Firmware Mx710 Mx710 Firmware Mx711 Mx711 Firmware Mx717 Mx717 Firmware Mx718 Mx718 Firmware Mx810 Mx810 Firmware Mx811 Mx811 Firmware Mx812 Mx812 Firmware Mx910 Mx910 Firmware Mx911 Mx911 Firmware Mx912 Mx912 Firmware Xc2130 Xc2130 Firmware Xc2132 Xc2132 Firmware Xm1135 Xm1135 Firmware Xm1140 Xm1140 Firmware Xm1145 Xm1145 Firmware Xm3150 Xm3150 Firmware Xm5163 Xm5163 Firmware Xm5170 Xm5170 Firmware Xm5263 Xm5263 Firmware Xm5270 Xm5270 Firmware Xm7155 Xm7155 Firmware Xm7163 Xm7163 Firmware Xm7170 Xm7170 Firmware Xm7263 Xm7263 Firmware Xm7270 Xm7270 Firmware Xm9145 Xm9145 Firmware Xm9155 Xm9155 Firmware Xm9165 Xm9165 Firmware

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-09-01T00:00:00.000Z

Updated: 2024-10-01T14:26:17.023Z

Reserved: 2023-08-11T00:00:00.000Z

Link: CVE-2023-40239

Vulnrichment

Updated: 2024-08-02T18:24:55.807Z

NVD

Status : Modified

Published: 2023-09-01T11:15:42.657

Modified: 2024-11-21T08:19:03.160

Link: CVE-2023-40239

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-611

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object