CVE-2023-3712
low-risk
Published 2023-09-12
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
Do I need to act?
-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.6/10
Medium
LOCAL
/ LOW complexity
Affected Products (1)
Affected Vendors
References (6)
Permissions Required
https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43...
Permissions Required
https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43...
Not Applicable
https://www.honeywell.com/us/en/product-security
Permissions Required
https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43...
Permissions Required
https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43...
Not Applicable
https://www.honeywell.com/us/en/product-security
26
/ 100
low-risk
Severity
21/34 · High
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal