CVE-2023-3712

Potential user privilege escalation

CVSS 6.6 MEDIUMEPSS 0.5%CWE-552

Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Produtos afetados

Honeywell · PC23/43, PD43 Honeywell · PD45, PX240 Honeywell · PM23/43 Honeywell · PM42 Honeywell · PM45 Honeywell · PX45/65 Honeywell · PX4ie/6ie Honeywell · PX940 Honeywell · RP2f/RP4f

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004 https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A https://www.honeywell.com/us/en/product-security