CVE-2023-3712
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Summary
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004.
Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Honeywell | PM23/43 | 0 < P10.19.050004 | affected |
| Honeywell | PC23/43, PD43 | 0 < K10.19.050004 | affected |
| Honeywell | PM42 | 0 < T10.19.050004 | affected |
| Honeywell | PM42 | 0 < L10.19.050004 | affected |
| Honeywell | PX4ie/6ie | 0 < A10.19.050004 | affected |
| Honeywell | PX45/65 | 0 < B10.19.050004 | affected |
| Honeywell | PD45, PX240 | 0 < F10.19.050004 | affected |
| Honeywell | PX940 | 0 < H10.19.050004 | affected |
| Honeywell | PM45 | 0 < J10.19.050004 | affected |
| Honeywell | RP2f/RP4f | 0 < M10.19.050006 | affected |
Weaknesses
- CWE-552: CWE-552 Files or Directories Accessible to External Parties
ADP Enrichment
CVE Program Container
Additional References
- https://www.honeywell.com/us/en/product-security
- https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004
- https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.honeywell.com/us/en/product-security
- https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004
- https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.