CVE-2023-3711

Potential Predictable Session ID

Description

Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).

Category

CVSS 3.1 score: 6.4
Severity: Medium
EPSS: 0.23%
Affected: Honeywell PM23/43
Affected: Honeywell PC23/43, PD43
Affected: Honeywell PM42
Affected: Honeywell PX4ie/6ie
Affected: Honeywell PX45/65
Affected: Honeywell PD45, PX240
Affected: Honeywell PX940
Affected: Honeywell PM45
Affected: Honeywell RP2f/RP4f

Frequently Asked Questions

What is the severity of CVE-2023-3711?
CVE-2023-3711 has been scored as a medium severity vulnerability.
How to fix CVE-2023-3711?
To fix CVE-2023-3711, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. For now, no other specific guidelines are available.
Is CVE-2023-3711 being actively exploited in the wild?
For now, there is no information to confirm that CVE-2023-3711 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-3711?
CVE-2023-3711 affects Honeywell PM23/43, Honeywell PC23/43, PD43, Honeywell PM42, Honeywell PX4ie/6ie, Honeywell PX45/65, Honeywell PD45, PX240, Honeywell PX940, Honeywell PM45, Honeywell RP2f/RP4f.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.