OpenCVE

Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Honeywell	Pc23 43 Pd43 Pm23 43 Pm42 Pm43 Pm43 Firmware Pm45 Px240 Px45 Px45 65 Px4ie 6ie Px940 Rp2f Rp4f

Configuration 1 [-]

AND

cpe:2.3:o:honeywell:pm43_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:honeywell:pm43:-:*:*:*:*:*:x86:*

No data.

References

Link	Providers
https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004
https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A
https://www.honeywell.com/us/en/product-security

History

Tue, 12 Nov 2024 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Honeywell pc23 43 Honeywell pd43 Honeywell pm23 43 Honeywell pm42 Honeywell pm45 Honeywell px240 Honeywell px45 Honeywell px45 65 Honeywell px4ie 6ie Honeywell px940 Honeywell rp2f Rp4f
CPEs		cpe:2.3:a:honeywell:pc23_43:::::::: cpe:2.3:a:honeywell:pd43:::::::: cpe:2.3:a:honeywell:pm23_43:::::::: cpe:2.3:a:honeywell:pm42:::::::: cpe:2.3:a:honeywell:pm45:::::::: cpe:2.3:a:honeywell:px240:::::::: cpe:2.3:a:honeywell:px45:::::::: cpe:2.3:a:honeywell:px45_65:::::::: cpe:2.3:a:honeywell:px4ie_6ie:::::::: cpe:2.3:a:honeywell:px940:::::::: cpe:2.3:a:honeywell:rp2f_rp4f::::::::
Vendors & Products		Honeywell pc23 43 Honeywell pd43 Honeywell pm23 43 Honeywell pm42 Honeywell pm45 Honeywell px240 Honeywell px45 Honeywell px45 65 Honeywell px4ie 6ie Honeywell px940 Honeywell rp2f Rp4f
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Honeywell

Published: 2023-09-12T19:55:41.805Z

Updated: 2024-11-12T15:13:06.021Z

Reserved: 2023-07-17T13:59:22.320Z

Link: CVE-2023-3710

Vulnrichment

Updated: 2024-08-02T07:01:57.525Z

NVD

Status : Modified

Published: 2023-09-12T20:15:09.387

Modified: 2024-11-21T08:17:53.760

Link: CVE-2023-3710

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object