CVE-2023-3710
Printer web page invalid command execution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
Vulnerabilidad de Validación de Entrada Incorrecta en Honeywell PM43 en 32 bits, ARM (módulos de página web de impresora) permite la Inyección de Comandos. Este problema afecta a las versiones de PM43 anteriores a P10.19.050004. Actualice a la última versión de firmware disponible de las respectivas impresoras a la versión MR19.5 (por ejemplo, P10.19.050006).
Honeywell PM43 versions prior to P10.19.050004 suffer from a remote code execution vulnerability.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2023-07-17 CVE Reserved
- 2023-09-12 CVE Published
- 2023-09-27 First Exploit
- 2024-10-14 EPSS Updated
- 2024-11-12 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
- CAPEC-248: Command Injection
References (3)
URL | Tag | Source |
---|---|---|
https://www.honeywell.com/us/en/product-security | Product |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/51885 | 2024-03-14 | |
https://github.com/vpxuser/CVE-2023-3710-POC | 2023-09-27 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Honeywell Search vendor "Honeywell" | Pm43 Firmware Search vendor "Honeywell" for product "Pm43 Firmware" | < p10.19.050004 Search vendor "Honeywell" for product "Pm43 Firmware" and version " < p10.19.050004" | - |
Affected
| in | Honeywell Search vendor "Honeywell" | Pm43 Search vendor "Honeywell" for product "Pm43" | - | x86 |
Safe
|