CVE-2023-3710

Summary

Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).

Affected Software

VendorProductVersion RangeStatus
HoneywellPM23/430 < P10.19.050004affected
HoneywellPC23/43, PD430 < K10.19.050004affected
HoneywellPM420 < T10.19.050004affected
HoneywellPM420 < L10.19.050004affected
HoneywellPX4ie/6ie0 < A10.19.050004affected
HoneywellPX45/650 < B10.19.050004affected
HoneywellPD45, PX2400 < F10.19.050004affected
HoneywellPX9400 < H10.19.050004affected
HoneywellPM450 < J10.19.050004affected
HoneywellRP2f/RP4f0 < M10.19.050006affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References