CVE-2023-3712
MEDIUMHoneywell PM43 Firmware < P10.19.050004 - Privilege Escalation via Unprotected Files or Directories
Title source: llmDescription
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
References (3)
Core 3
Core References
Permissions Required
https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004
Permissions Required
https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A
Not Applicable, Product
https://www.honeywell.com/us/en/product-security
Scores
CVSS v3
6.6
EPSS
0.0009
EPSS Percentile
25.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-552
Status
published
Products (1)
honeywell/pm43_firmware
< p10.19.050004
Published
Sep 12, 2023
Tracked Since
Feb 18, 2026