Search criteria
6 vulnerabilities found for PC23/43, PD43 by Honeywell
CVE-2023-3712 (GCVE-0-2023-3712)
Vulnerability from cvelistv5 – Published: 2023-09-12 19:59 – Updated: 2025-09-12 19:33
VLAI?
Title
Potential user privilege escalation
Summary
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004.
Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
Severity ?
6.6 (Medium)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Honeywell | PM23/43 |
Affected:
0 , < P10.19.050004
(semver)
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Jinqi Lai (Independent Security Researcher)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.honeywell.com/us/en/product-security"
},
{
"tags": [
"x_transferred"
],
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004"
},
{
"tags": [
"x_transferred"
],
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3712",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:54:07.219279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T15:19:21.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Printer web page"
],
"platforms": [
"32 bit"
],
"product": "PM23/43",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "P10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PC23/43, PD43",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "K10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PM42",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "T10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PM42",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "L10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PX4ie/6ie",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "A10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PX45/65",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "B10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PD45, PX240",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "F10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PX940",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "H10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PM45",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "J10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "RP2f/RP4f",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "M10.19.050006",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jinqi Lai (Independent Security Researcher)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.\u003cp\u003eThis issue affects PM43 versions prior to P10.19.050004.\u0026nbsp;\n\nUpdate to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).\u003c/p\u003e"
}
],
"value": "Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004.\u00a0\n\nUpdate to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006)."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T19:33:38.362Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"url": "https://www.honeywell.com/us/en/product-security"
},
{
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004"
},
{
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Potential user privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2023-3712",
"datePublished": "2023-09-12T19:59:00.396Z",
"dateReserved": "2023-07-17T13:59:27.158Z",
"dateUpdated": "2025-09-12T19:33:38.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3711 (GCVE-0-2023-3711)
Vulnerability from cvelistv5 – Published: 2023-09-12 19:57 – Updated: 2025-09-12 19:32
VLAI?
Title
Potential Predictable Session ID
Summary
Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
Severity ?
6.4 (Medium)
CWE
- CWE-384 - Session Fixation
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Honeywell | PM23/43 |
Affected:
0 , < P10.19.050004
(semver)
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Jinqi Lai (Independent Security Researcher)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.honeywell.com/us/en/product-security"
},
{
"tags": [
"x_transferred"
],
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004"
},
{
"tags": [
"x_transferred"
],
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3711",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:56:40.504011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T15:21:02.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Printer web page"
],
"platforms": [
"32 bit"
],
"product": "PM23/43",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "P10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PC23/43, PD43",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "K10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PM42",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "T10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PM42",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "L10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PX4ie/6ie",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "A10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PX45/65",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "B10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PD45, PX240",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "F10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PX940",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "H10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PM45",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "J10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "RP2f/RP4f",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "M10.19.050006",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jinqi Lai (Independent Security Researcher)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.\u003cp\u003eThis issue affects PM43 versions prior to P10.19.050004.\u0026nbsp;Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).\u003c/p\u003e"
}
],
"value": "Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.This issue affects PM43 versions prior to P10.19.050004.\u00a0Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006)."
}
],
"impacts": [
{
"capecId": "CAPEC-59",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-59 Session Credential Falsification through Prediction"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T19:32:41.660Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"url": "https://www.honeywell.com/us/en/product-security"
},
{
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004"
},
{
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Potential Predictable Session ID",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2023-3711",
"datePublished": "2023-09-12T19:57:50.393Z",
"dateReserved": "2023-07-17T13:59:26.270Z",
"dateUpdated": "2025-09-12T19:32:41.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3710 (GCVE-0-2023-3710)
Vulnerability from cvelistv5 – Published: 2023-09-12 19:55 – Updated: 2025-09-12 19:31
VLAI?
Title
Printer web page invalid command execution
Summary
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
Severity ?
9.9 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Honeywell | PM23/43 |
Affected:
0 , < P10.19.050004
(semver)
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Jinqi Lai (Independent Security Researcher)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.honeywell.com/us/en/product-security"
},
{
"tags": [
"x_transferred"
],
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004"
},
{
"tags": [
"x_transferred"
],
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:honeywell:pm23_43:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "pm23_43",
"vendor": "honeywell",
"versions": [
{
"lessThan": "P10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:honeywell:pc23_43:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "pc23_43",
"vendor": "honeywell",
"versions": [
{
"lessThan": "K10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:honeywell:pd43:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "pd43",
"vendor": "honeywell",
"versions": [
{
"lessThan": "K10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:honeywell:pm42:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "pm42",
"vendor": "honeywell",
"versions": [
{
"lessThan": "T10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "L10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:honeywell:px4ie_6ie:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "px4ie_6ie",
"vendor": "honeywell",
"versions": [
{
"lessThan": "A10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:honeywell:px45_65:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "px45_65",
"vendor": "honeywell",
"versions": [
{
"lessThan": "B10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:honeywell:px45:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "px45",
"vendor": "honeywell",
"versions": [
{
"lessThan": "F10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:honeywell:px240:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "px240",
"vendor": "honeywell",
"versions": [
{
"lessThan": "F10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:honeywell:px940:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "px940",
"vendor": "honeywell",
"versions": [
{
"lessThan": "H10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:honeywell:pm45:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "pm45",
"vendor": "honeywell",
"versions": [
{
"lessThan": "J10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:honeywell:rp2f_rp4f:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "rp2f_rp4f",
"vendor": "honeywell",
"versions": [
{
"lessThan": "M10.19.050006",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3710",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T13:53:08.275292Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T15:13:06.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Printer web page"
],
"platforms": [
"32 bit"
],
"product": "PM23/43",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "P10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PC23/43, PD43",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "K10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PM42",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "T10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PM42",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "L10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PX4ie/6ie",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "A10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PX45/65",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "B10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PD45, PX240",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "F10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PX940",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "H10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PM45",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "J10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "RP2f/RP4f",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "M10.19.050006",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jinqi Lai (Independent Security Researcher)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.\u003cp\u003eThis issue affects PM43 versions prior to P10.19.050004.\u0026nbsp;Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004.\u00a0Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006)."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T19:31:57.851Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"url": "https://www.honeywell.com/us/en/product-security"
},
{
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004"
},
{
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Printer web page invalid command execution",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2023-3710",
"datePublished": "2023-09-12T19:55:41.805Z",
"dateReserved": "2023-07-17T13:59:22.320Z",
"dateUpdated": "2025-09-12T19:31:57.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3712 (GCVE-0-2023-3712)
Vulnerability from nvd – Published: 2023-09-12 19:59 – Updated: 2025-09-12 19:33
VLAI?
Title
Potential user privilege escalation
Summary
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004.
Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
Severity ?
6.6 (Medium)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Honeywell | PM23/43 |
Affected:
0 , < P10.19.050004
(semver)
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Jinqi Lai (Independent Security Researcher)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.honeywell.com/us/en/product-security"
},
{
"tags": [
"x_transferred"
],
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004"
},
{
"tags": [
"x_transferred"
],
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3712",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:54:07.219279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T15:19:21.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Printer web page"
],
"platforms": [
"32 bit"
],
"product": "PM23/43",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "P10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PC23/43, PD43",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "K10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PM42",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "T10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PM42",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "L10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PX4ie/6ie",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "A10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PX45/65",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "B10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PD45, PX240",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "F10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PX940",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "H10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PM45",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "J10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "RP2f/RP4f",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "M10.19.050006",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jinqi Lai (Independent Security Researcher)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.\u003cp\u003eThis issue affects PM43 versions prior to P10.19.050004.\u0026nbsp;\n\nUpdate to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).\u003c/p\u003e"
}
],
"value": "Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004.\u00a0\n\nUpdate to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006)."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T19:33:38.362Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"url": "https://www.honeywell.com/us/en/product-security"
},
{
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004"
},
{
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Potential user privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2023-3712",
"datePublished": "2023-09-12T19:59:00.396Z",
"dateReserved": "2023-07-17T13:59:27.158Z",
"dateUpdated": "2025-09-12T19:33:38.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3711 (GCVE-0-2023-3711)
Vulnerability from nvd – Published: 2023-09-12 19:57 – Updated: 2025-09-12 19:32
VLAI?
Title
Potential Predictable Session ID
Summary
Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
Severity ?
6.4 (Medium)
CWE
- CWE-384 - Session Fixation
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Honeywell | PM23/43 |
Affected:
0 , < P10.19.050004
(semver)
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Jinqi Lai (Independent Security Researcher)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.honeywell.com/us/en/product-security"
},
{
"tags": [
"x_transferred"
],
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004"
},
{
"tags": [
"x_transferred"
],
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3711",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:56:40.504011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T15:21:02.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Printer web page"
],
"platforms": [
"32 bit"
],
"product": "PM23/43",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "P10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PC23/43, PD43",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "K10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PM42",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "T10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PM42",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "L10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PX4ie/6ie",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "A10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PX45/65",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "B10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PD45, PX240",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "F10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PX940",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "H10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PM45",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "J10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "RP2f/RP4f",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "M10.19.050006",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jinqi Lai (Independent Security Researcher)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.\u003cp\u003eThis issue affects PM43 versions prior to P10.19.050004.\u0026nbsp;Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).\u003c/p\u003e"
}
],
"value": "Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.This issue affects PM43 versions prior to P10.19.050004.\u00a0Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006)."
}
],
"impacts": [
{
"capecId": "CAPEC-59",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-59 Session Credential Falsification through Prediction"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T19:32:41.660Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"url": "https://www.honeywell.com/us/en/product-security"
},
{
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004"
},
{
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Potential Predictable Session ID",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2023-3711",
"datePublished": "2023-09-12T19:57:50.393Z",
"dateReserved": "2023-07-17T13:59:26.270Z",
"dateUpdated": "2025-09-12T19:32:41.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3710 (GCVE-0-2023-3710)
Vulnerability from nvd – Published: 2023-09-12 19:55 – Updated: 2025-09-12 19:31
VLAI?
Title
Printer web page invalid command execution
Summary
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
Severity ?
9.9 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Honeywell | PM23/43 |
Affected:
0 , < P10.19.050004
(semver)
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Jinqi Lai (Independent Security Researcher)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.honeywell.com/us/en/product-security"
},
{
"tags": [
"x_transferred"
],
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004"
},
{
"tags": [
"x_transferred"
],
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:honeywell:pm23_43:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "pm23_43",
"vendor": "honeywell",
"versions": [
{
"lessThan": "P10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:honeywell:pc23_43:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "pc23_43",
"vendor": "honeywell",
"versions": [
{
"lessThan": "K10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:honeywell:pd43:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "pd43",
"vendor": "honeywell",
"versions": [
{
"lessThan": "K10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:honeywell:pm42:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "pm42",
"vendor": "honeywell",
"versions": [
{
"lessThan": "T10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "L10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:honeywell:px4ie_6ie:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "px4ie_6ie",
"vendor": "honeywell",
"versions": [
{
"lessThan": "A10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:honeywell:px45_65:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "px45_65",
"vendor": "honeywell",
"versions": [
{
"lessThan": "B10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:honeywell:px45:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "px45",
"vendor": "honeywell",
"versions": [
{
"lessThan": "F10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:honeywell:px240:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "px240",
"vendor": "honeywell",
"versions": [
{
"lessThan": "F10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:honeywell:px940:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "px940",
"vendor": "honeywell",
"versions": [
{
"lessThan": "H10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:honeywell:pm45:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "pm45",
"vendor": "honeywell",
"versions": [
{
"lessThan": "J10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:honeywell:rp2f_rp4f:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "rp2f_rp4f",
"vendor": "honeywell",
"versions": [
{
"lessThan": "M10.19.050006",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3710",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T13:53:08.275292Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T15:13:06.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Printer web page"
],
"platforms": [
"32 bit"
],
"product": "PM23/43",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "P10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PC23/43, PD43",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "K10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PM42",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "T10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PM42",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "L10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PX4ie/6ie",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "A10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PX45/65",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "B10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PD45, PX240",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "F10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PX940",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "H10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PM45",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "J10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "RP2f/RP4f",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "M10.19.050006",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jinqi Lai (Independent Security Researcher)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.\u003cp\u003eThis issue affects PM43 versions prior to P10.19.050004.\u0026nbsp;Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004.\u00a0Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006)."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T19:31:57.851Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"url": "https://www.honeywell.com/us/en/product-security"
},
{
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004"
},
{
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Printer web page invalid command execution",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2023-3710",
"datePublished": "2023-09-12T19:55:41.805Z",
"dateReserved": "2023-07-17T13:59:22.320Z",
"dateUpdated": "2025-09-12T19:31:57.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}