CVE-2023-3710

Printer web page invalid command execution

Description

Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).

References

Link	Tags
https://www.honeywell.com/us/en/product-security	product
https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004	permissions required
https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A	permissions required

Frequently Asked Questions

What is the severity of CVE-2023-3710?: CVE-2023-3710 has been scored as a critical severity vulnerability.
How to fix CVE-2023-3710?: To fix CVE-2023-3710, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-3710 being actively exploited in the wild?: It is possible that CVE-2023-3710 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~91% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-3710?: CVE-2023-3710 affects Honeywell PM23/43, Honeywell PC23/43, PD43, Honeywell PM42, Honeywell PM42, Honeywell PX4ie/6ie, Honeywell PX45/65, Honeywell PD45, PX240, Honeywell PX940, Honeywell PM45, Honeywell RP2f/RP4f.

Description

Categories

CWE-20 – Improper Input Validation

CWE-77 – Improper Neutralization of Special Elements used in a Command ('Command Injection')

References

Frequently Asked Questions