Vulnerability Details CVE-2023-3712
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004.
Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.2%
CVSS Severity
CVSS v3 Score 6.6
References
- https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004
- https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A
- https://www.honeywell.com/us/en/product-security
- https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004
- https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A
- https://www.honeywell.com/us/en/product-security
Products affected by CVE-2023-3712
-
cpe:2.3:h:honeywell:pm43:-
-
cpe:2.3:o:honeywell:pm43_firmware:*