Potential Predictable Session ID
CVE-2023-3711

8.8HIGH

Key Information:

Vendor: Honeywell
Status: PM23/43; PC23/43, PD43; PM42; PX4ie/6ie
Vendor: CVE Published:; 12 September 2023

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2023-3711?

A vulnerability exists in Honeywell PM43 printers that allows for session credential falsification through a session fixation mechanism. This issue affects PM43 models running versions prior to P10.19.050004, compromising the integrity of user sessions. It is crucial to update to the latest firmware version MR19.5 (e.g., P10.19.050006) to mitigate this risk. Keeping your devices updated is essential to maintaining secure operations.

Affected Version(s)

PC23/43, PD43 32 bit 0

PD45, PX240 32 bit 0

PM23/43 32 bit 0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-3711-POC
Created by vpxuser

References

https://www.honeywell.com/us/en/product-security

https://hsmftp.honeywell.com:443/en/Software/Printers/Ind...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 12, 2023
Vulnerability Reserved
Jul 17, 2023
🟡
Public PoC available
Jul 3, 2023
👾
Exploit known to exist
Jul 3, 2023