CVE-2023-3711

MEDIUM

Honeywell PM43 <P10.19.050004 - Session Fixation

Title source: llm

Description

Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).

References (3)

Core 3

Core References

Permissions Required

https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004

Permissions Required

https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A

Product

https://www.honeywell.com/us/en/product-security

Scores

CVSS v3 6.4

EPSS 0.0087

EPSS Percentile 54.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-384

Status published

Products (1)

honeywell/pm43_firmware < p10.19.050004

Published Sep 12, 2023

Tracked Since Feb 18, 2026