Printer web page invalid command execution
CVE-2023-3710

9.9CRITICAL

Key Information:

Vendor

Honeywell

Status
Pm23/43
Pc23/43, Pd43
Pm42
Px4ie/6ie
Vendor
CVE Published:
12 September 2023

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 91%

What is CVE-2023-3710?

A vulnerability in the Honeywell PM43 printers allows for potential command injection due to improper input validation on web page modules. Specifically, this affects PM43 versions prior to P10.19.050004. Users are encouraged to immediately update their firmware to the latest version MR19.5 to mitigate any security risks associated with this flaw. Protect your printer and sensitive data by ensuring your devices run the most secure and up-to-date software.

Affected Version(s)

PC23/43, PD43 32 bit 0

PD45, PX240 32 bit 0

PM23/43 32 bit 0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-3710-POC
Created by vpxuser

References

https://www.honeywell.com/us/en/product-security
https://hsmftp.honeywell.com:443/en/Software/Printers/Ind...
https://hsmftp.honeywell.com:443/en/Software/Printers/Ind...

EPSS Score

91% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.