CVE-2023-3712
published 2023-09-12CVE-2023-3712: Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This…
PriorityP343high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.53%
40.7th percentile
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004.
Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| honeywell | pm23_43 | < P10.19.050004 | P10.19.050004 |
| honeywell | pm42 | < T10.19.050004 | T10.19.050004 |
| honeywell | pm42 | < L10.19.050004 | L10.19.050004 |
| honeywell | pm43_firmware | < p10.19.050004 | p10.19.050004 |
| honeywell | pm45 | < J10.19.050004 | J10.19.050004 |
| honeywell | px45_65 | < B10.19.050004 | B10.19.050004 |
| honeywell | px4ie_6ie | < A10.19.050004 | A10.19.050004 |
| honeywell | px940 | < H10.19.050004 | H10.19.050004 |
| honeywell | rp2f_rp4f | < M10.19.050006 | M10.19.050006 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_oracle7.4HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-cwj7-4q2c-hmxj: Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalat
ghsa_unreviewed·2023-09-12
CVE-2023-3712 [HIGH] CWE-552 GHSA-cwj7-4q2c-hmxj: Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalat
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004.
Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
Oracle
Oracle Oracle Siebel CRM Risk Matrix: Siebel Core - Server Infrastructure (OpenSSL) — CVE-2021-3712
vendor_oracle·2023-04-15·CVSS 7.4
CVE-2021-3712 [HIGH] Oracle Oracle Siebel CRM Risk Matrix: Siebel Core - Server Infrastructure (OpenSSL) — CVE-2021-3712
Oracle Oracle Siebel CRM Risk Matrix: Siebel Core - Server Infrastructure (OpenSSL) vulnerability
CVE: CVE-2021-3712
CVSS: 7.4
Protocol: HTTPS
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2023 (APR 2023)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004Ahttps://www.honeywell.com/us/en/product-securityhttps://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004Ahttps://www.honeywell.com/us/en/product-security
2023-09-12
Published