Skip to Content Information Center
Lexmark MS610dn / MS610dtn

Lexmark MS610dn / MS610dtn

Padding Oracle on Downloaded Legacy Encryption 'POODLE' Vulnerability

Lexmark Security Advisory:

Revision: 1.2
Last update:25 November 2014
Public Release Date:4 November 2014


POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability

A vulnerability was disclosed in the SSLv3 protocol which allows an attacker with the ability to intercept and insert traffic (Man-In-The-Middle) to decrypt a portion of the encrypted communication.


CVE: CVE-2014-3566


On October 14, 2014, a vulnerability was announced by Google researchers in the way the Secure Sockets Layer version 3 (SSLv3) protocol handles block ciphers in Cipher Block Chaining (CBC) mode. This vulnerability can be exploited by an attacker to decrypt a portion of the encrypted communication, most notably session cookies.

SSLv3 is an old protocol which contains a considerable number of known vulnerabilities. With the addition of this vulnerability use of SSLv3 is now considered insecure; the more modern Transport Layer Security (TLS) protocol should be used in place of SSL.

Vulnerability Scoring Details

CVSS Base Score:4.3 (AV:N/AC:M/AU:N/C:P/I:N/A:N)
Impact Subscore: 2.9
Exploitability Subscore:8.6

CVSS scores are calculated in accordance with CVSS version 2.0 (


This vulnerability can be used to expose a portion of SSLv3 protected communications. This information can include session cookies which can then be leveraged to obtain unauthorized access.

Affected Products

The following products are known to be affected; for specific details see “Product Specific Information” below. Lexmark is assessing each product and will update this advisory as more information becomes available.

  • Lexmark printer products

Additional products may be affected, investigations are ongoing.

Product Specific Information

Lexmark is individually assessing each product and will update this advisory as more information becomes available.

Laser printer products

The following printers and MFPs are affected:

To determine what level of firmware a device is running, select the "Reports" > "Menu Setting Page" menu item from the operator panel. If the firmware level listed under Device Information matches any level under “Affected Releases”, then upgrade to a “Fixed Release”. Additional products may be affected, investigations are ongoing.

Lexmark ModelsAffected ReleasesFixed Releases
CS31xLW41.VYL.P468 and previousLW41.VYL.P469 and later
CS41xLW41.VY2.P468 and previousLW41.VY2.P469 and later
CS51xLW41.VY4.P468 and previousLW41.VY4.P469 and later
CX310LW41.GM2.P468 and previousLW41.GM2.P469 and later
CX410LW41.GM4.P468 and previousLW41.GM4.P469 and later
CX510LW41.GM7.P468 and previousLW41.GM7.P469 and later
XC2132LW41.GM7.P468 and previousLW41.GM7.P469 and later
MS310LW41.PRL.P468 and previousLW41.PRL.P469 and later
MS312LW41.PRL.P468 and previousLW41.PRL.P469 and later
MS315LW41.TL.P468 and previousLW41.TL.P469 and later
MS410LW41.PRL.P468 and previousLW41.PRL.P469 and later
MS415LW41.TL.P468 and previousLW41.TL.P469 and later
MS51xLW41.PR2.P468 and previousLW41.PR2.P469 and later
MS610dn & MS610dtnLW41.PR2.P468 and previousLW41.PR2.P469 and later
M1145 & M3150dnLW41.PR2.P468 and previousLW41.PR2.P469 and later
MS610de & MS610dteLW41.PR4.P468 and previousLW41.PR4.P469 and later
M3150LW41.PR4.P468 and previousLW41.PR4.P469 and later
MS71xLW41.DN2.P468 and previousLW41.DN2.P469 and later
MS810n, MS810dn & MS810dtnLW41.DN2.P468 and previousLW41.DN2.P469 and later
MS811LW41.DN2.P468 and previousLW41.DN2.P469 and later
MS812dn, MS812dtnLW41.DN2.P468 and previousLW41.DN2.P469 and later
M5163dnLW41.DN2.P468 and previousLW41.DN2.P469 and later
MS810deLW41.DN4.P468 and previousLW41.DN4.P469 and later
M5155 & M5163LW41.DN4.P468 and previousLW41.DN4.P469 and later
MS812deLW41.DN7.P468 and previousLW41.DN7.P469 and later
M5170LW41.DN7.P468 and previousLW41.DN7.P469 and later
MS91xLW41.SA.P468 and previousLW41.SA.P469 and later
MX310LW41.SB2.P468 and previousLW41.SB2.P469 and later
MX410, MX510 & MX511LW41.SB4.P468 and previousLW41.SB4.P469 and later
XM1145LW41.SB4.P468 and previousLW41.SB4.P469 and later
MX610 & MX611LW41.SB7.P468 and previousLW41.SB7.P469 and later
XM3150LW41.SB7.P468 and previousLW41.SB7.P469 and later
MX71xLW41.TU.P468 and previousLW41.TU.P469 and later
MX81xLW41.TU.P468 and previousLW41.TU.P469 and later
XM51xx & XM71xxLW41.TU.P468 and previousLW41.TU.P469 and later
MX91xLW41.MG.P468 and previousLW41.MG.469 and later
MX6500eLW41.JD.P468 and previousLW41.JD.P469 and later
C746LHS41.CM2.P458 and previousLHS41.CM2.P459 and later
C748 & CS748LHS41.CM4.P458 and previousLHS41.CM4.P459 and later
C79x & CS796LHS41.HC.P458 and previousLHS41.HC.P459 and later
C925LHS41.HV.P458 and previousLHS41.HV.P459 and later
C95xLHS41.TP.P458 and previousLHS41.TP.P459 and later
X548 & XS548LHS41.VK.P458 and previousLHS41.VK.P459 and later
X74x & XS748LHS41.NY.P458 and previousLHS41.NY.P459 and later
X792 & XS79xLHS41.MR.P458 and previousLHS41.MR.P459 and later
X925 & XS925LHS41.HK.P458 and previousLHS41.HK.P459 and later
X95x & XS95xLHS41.TQ.P458 and previousLHS41.TQ.P459 and later
6500eLHS41.JR.P458 and previousLHS41.JR.P459 and later
C734LR.SK.P693 and previousLR.SK.P694 and later
E46xLR.LBH.P673 and previousLR.LBH.P674 and later
T650 & T652LR.JP.P680 and previousLR.JP.P681 and later
T654LR.JP.P680 and previousLR.JP.P681 and later
T656LSJ.SJ.P041 and previousLSJ.SJ.P042 and later
W85xLR.JB.P645 and previousLR.JB.P646 and later
X46xLR.BS.P695 and previousLR.BS.P696 and later
X65xLR.MN.P694 and previousLR.MN.P695 and later
X73xLR.FL.P694 and previousLR.FL.P695 and later
X86xLP.SP.P694 and previousLP.SP.P695 and later

Obtaining Updated Software

To obtain firmware that resolves this issue or if you have special code, please contact Lexmark’s Technical Support Center at to find your local support center.

Markvision Enterprise


The vulnerability only exists when SSLv3 is in use. Therefore Lexmark recommends that you disable SSLv3 support in your browser and other applications. Contact your application provider for information on how to accomplish this.

Exploitation and Public Announcements

Lexmark is not aware of any malicious use of the vulnerability described in this advisory.

Status of this Notice:

This document is provided on an "as is" basis and is provided without any express or implied guarantee or warranty whatsoever, including but not limited to the warranties of merchantability and fitness for a particular use or purpose. Lexmark reserves the right to change or update this document at any time.


This advisory is posted on Lexmark’s web site at

Future updates to this document will be posted on Lexmark’s web site at the same location.

Revision History

1.0 3 - November - 2014Initial Public Release
1.112 - November - 2014Updated to identify affected products
1.225-November-2014Updated to identify additional affected products


Was this article helpful?