Honeywell PC42t/PC42tp/PC42d prior T10.20.060398 client-side enforcement of server-side security
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.4 | $0-$5k | 0.00 |
Summary
A vulnerability identified as problematic has been detected in Honeywell PC42t, PC42tp and PC42d. This affects an unknown part. The manipulation leads to client-side enforcement of server-side security. This vulnerability is listed as CVE-2024-6620. The attack must be carried out from within the local network. There is no available exploit. You should upgrade the affected component.
Details
A vulnerability was found in Honeywell PC42t, PC42tp and PC42d and classified as problematic. This issue affects some unknown functionality. The manipulation with an unknown input leads to a client-side enforcement of server-side security vulnerability. Using CWE to declare the problem leads to CWE-602. The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server. Impacted is availability. The summary by CVE is:
Honeywell PC42t, PC42tp, and PC42d Printers, T10.19.020016 to T10.20.060398, contain a cross-site scripting vulnerability. An attacker could potentially inject malicious code which may lead to information disclosure, session theft, or client-side request forgery. Honeywell recommends updating to the most recent version of this firmware, PC42 Printer Firmware Version 20.6 T10.20.060398.
The advisory is shared at sps.honeywell.com. The vulnerability has been identified as CVE-2024-6620 since 07/09/2024. Exploitation is known to be easy. The attack can only be initiated within the local network. No form of authentication is needed for successful exploitation. It requires some form of user interaction by the victim. Neither technical details nor an exploit are publicly available.
Upgrading to version T10.20.060398 eliminates this vulnerability.
CVSSv3
VulDB Meta Base Score: 3.5
VulDB Meta Temp Score: 3.4
VulDB Base Score: 3.5
VulDB Temp Score: 3.4
CNA Base Score: 3.5
Exploiting
Class: Client-side enforcement of server-side security
CWE: CWE-602
Physical: No
Local: No
Remote: Partially
Status: Not defined
Countermeasures
Recommended: Upgrade
Upgrade: PC42t/PC42tp/PC42d T10.20.060398
Timeline
07/09/2024
07/29/2024
07/29/2024
03/16/2025
Sources
Advisory: sps.honeywell.com
Status: Confirmed
CVE: CVE-2024-6620
GCVE (CVE): GCVE-0-2024-6620
GCVE (VulDB): GCVE-100-272813
Entry
Created: 07/29/2024 23:02
Updated: 03/16/2025 16:38
Changes: 07/29/2024 23:02 (61), 07/31/2024 00:09 (1), 03/16/2025 16:38 (4)