Network Issues on Copiers and HP Enterprise Printers

  • About 12:20PM today, all of our Enterprise Level HP Printers went down with Security Error 33.05.13. They have not recovered.

    alt text

    I've researched that error and here's the troubleshooting so far:

    Tried firmware reload via USB drive. Boots to same error
    Booting printers disconnected from network results in a complete boot. If I plug them back in, they lock up and if you reboot while connected, same security alert.
    This is only affecting Enterprise Level Printers and not standard laserjet and deskjets. I assume it is due to added security in those class of printers.

    And as I type this, our Toshiba Copiers are very sluggish when using the on device buttons. The software on them is very slow.

    Other observations:

    My PC lost internet only around 12:20PM and I did a release/renew and about that time, the HP's when down. I don't think this is the cause but it is interesting.
    No other adverse effects on workstations or servers.
    I've worked with a local HP rep who came here and HP on the phone and they don't know what the cause is.

    I am about to head to an even for a few hours but will be back here at 7PM central time to continue to troubleshoot. The first thing I may do is reboot all my servers, which includes Domain Controller, DHCP and DNS.

    But I am worried we have had some kind of attack and with the focus on cyber-security, management wants to be reassured.

    I have WireShark but I admit I am not good at reading the results.

    I'll update more in a few hours.

  • We received quite a few warnings from HP to update firmware due to a bad vulnerability in their firmware. Were these printers updated? I can dig back in if need-be.

  • @garak0410 said in Network Issues on Copiers and HP Enterprise Printers:

    Security Error 33.05.13

    You've probably already seen this one:

    No mention of .13 either. Hmmmm

    The fact that the printer boots okay until a network is present indicates it is probably reaching out and hitting a "you're bad" response (best guess).

    If the firmware is up to date then one "workaround" would be to set up on the edge an Address Object (using SonicWALL terminology here) for the affected printers and their IPs (if range then do the range), then set a block for HTTP/HTTPS for them/their range. One could also set a full port block in place since they shouldn't be contacting the Internet anyway IMO.

  • did you migrate recently to O365 ?

  • This post is deleted!

Log in to reply