Vulnerabilities > CVE-2023-3712 - Files or Directories Accessible to External Parties vulnerability in Honeywell Pm43 Firmware

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

honeywell

CWE-552

NVD

Published: 2023-09-12

Updated: 2023-09-19

Summary

Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).

Vulnerable Configurations

Part	Description	Count
OS	Honeywell Honeywell Pm43 Firmware *	1
Hardware	Honeywell Honeywell Pm43 -	1

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

References

https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A
https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004
https://www.honeywell.com/us/en/product-security