CVE-2023-3711

CVSS V2 None CVSS V3 None

Description

Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).

Overview

CVE ID
CVE-2023-3711

Assigner
Honeywell

Vulnerability Status
PUBLISHED

Published Version
2023-09-12T19:57:50.393Z

Last Modified Date
2023-09-12T19:57:50.393Z

Weakness Enumerations

CWE	URL
CWE-384	http://cwe.mitre.org/data/definitions/384.html

References

Reference URL	Reference Tags
https://www.honeywell.com/us/en/product-security
https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004
https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-3711
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3711

History

Created	Old Value	New Value	Data Type	Notes
2024-06-24 20:50:04				Added to TrackCVE