CVE-2019-10960

Published: Aug 20, 2019Modified: Jun 17, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a passcode to limit the functionality of the front panel is applied, specially crafted packets could be sent over the same network to a port on the printer and the printer will respond with an array of information that includes the front panel passcode for the printer. Once the passcode is retrieved, an attacker must have physical access to the front panel of the printer to enter the passcode to access the full functionality of the front panel.

Affected (8)

Products: Zebra: Zt610 Firmware, Zt620 Firmware, Zt510 Firmware, Zt410 Firmware, Zt420 Firmware, Zt220 Firmware, Zt230 Firmware, 220xi4 Firmware

8 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zebra Zt610 Firmware	All versions

Running on/with	Platform Versions
Zebra Zt610	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zebra Zt620 Firmware	All versions

Running on/with	Platform Versions
Zebra Zt620	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zebra Zt510 Firmware	All versions

Running on/with	Platform Versions
Zebra Zt510	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zebra Zt410 Firmware	All versions

Running on/with	Platform Versions
Zebra Zt410	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zebra Zt420 Firmware	All versions

Running on/with	Platform Versions
Zebra Zt420	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zebra Zt220 Firmware	All versions

Running on/with	Platform Versions
Zebra Zt220	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zebra Zt230 Firmware	All versions

Running on/with	Platform Versions
Zebra Zt230	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zebra 220xi4 Firmware	All versions

Running on/with	Platform Versions
Zebra 220xi4	All versions

Related CWEs

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://www.us-cert.gov/ics/advisories/icsa-19-232-01

Source: ics-cert@hq.dhs.gov

MitigationThird Party AdvisoryUS Government Resource

https://www.us-cert.gov/ics/advisories/icsa-19-232-01

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party AdvisoryUS Government Resource

Timeline

No history available yet.