CVE-2023-3710

CRITICAL EXPLOITED NUCLEI

Honeywell Pm43 Firmware < p10.19.050004 - Command Injection

Title source: rule

Description

Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).

Exploits (3)

exploitdb WORKING POC

by ByteHunter · pythonremotehardware

https://www.exploit-db.com/exploits/51885

View Code ZIP pw:eip

vulncheck_xdb

remote-auth

https://github.com/vpxuser/CVE-2023-3710-POC

View on vulncheck_xdb

inthewild

poc

https://github.com/vpxuser/cve-2023-3710-poc

View on inthewild

Nuclei Templates (1)

Honeywell PM43 Printers - Command Injection

CRITICALVERIFIEDby win3zz

Shodan: http.html:"/main/login.lua?pageid="

FOFA: body="/main/login.lua?pageid="

References (3)

[Permissions Required] https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004

[Permissions Required] https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A

[Product] https://www.honeywell.com/us/en/product-security

Scores

CVSS v3 9.9

EPSS 0.9170

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H

Details

VulnCheck KEV 2024-02-06

CWE

CWE-20 CWE-77

Status published

Products (1)

honeywell/pm43_firmware < p10.19.050004

Published Sep 12, 2023

Tracked Since Feb 18, 2026