CVE-2023-3712

MEDIUM

Honeywell Pm43 Firmware < p10.19.050004 - Privilege Escalation

Title source: rule

Description

Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).

Exploits (1)

inthewild

poc

https://github.com/vpxuser/cve-2023-3712-poc

View on inthewild

References (3)

[Permissions Required] https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004

[Permissions Required] https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A

[Not Applicable, Product] https://www.honeywell.com/us/en/product-security

Scores

CVSS v3 6.6

EPSS 0.0006

EPSS Percentile 18.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Details

CWE

CWE-552

Status published

Products (1)

honeywell/pm43_firmware < p10.19.050004

Published Sep 12, 2023

Tracked Since Feb 18, 2026