CVE-2023-3710 CRITICAL

CVE-2023-3710: Printer web page invalid command execution

Vendor Honeywell

Product PM23/43

Weakness CWE-20 · Input validation

Published September 12, 2023

Last update September 12, 2025

View on NVD All CVEs

CVSS base score

9.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H

What the vulnerability does

01Description

Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).

Key dates

02Disclosure timeline

September 12, 2023 CVE published

September 12, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-3710 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

Identifiers

CVE CVE-2023-3710

CWE CWE-20

CVSS 9.9 / CRITICAL

Affected versions

Vendor Honeywell

Product PM23/43

Affected < P10.19.050004

Vendor Honeywell

Product PC23/43, PD43

Affected < K10.19.050004

Vendor Honeywell

Product PM42

Affected < T10.19.050004

Vendor Honeywell

Product PM42

Affected < L10.19.050004

Vendor Honeywell

Product PX4ie/6ie

Affected < A10.19.050004

Vendor Honeywell

Product PX45/65

Affected < B10.19.050004

Vendor Honeywell

Product PD45, PX240

Affected < F10.19.050004

Vendor Honeywell

Product PX940

Affected < H10.19.050004

Vendor Honeywell

Product PM45

Affected < J10.19.050004

Vendor Honeywell

Product RP2f/RP4f

Affected < M10.19.050006

CVE-2023-3710: Printer web page invalid command execution

01Description

02Disclosure timeline

03References

04Related CVE