CVE-2023-40145 - OpenCVE

In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Weintek	Cmt-fhd Firmware Cmt-hdm Cmt3103 Cmt3072 Firmware Cmt3071 Cmt3151 Cmt-fhd Cmt3072 Cmt3151 Firmware Cmt3071 Firmware Cmt3090 Firmware Cmt3090 Cmt3103 Firmware Cmt-hdm Firmware

Configuration 1 [-]

AND

cpe:2.3:o:weintek:cmt-fhd_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt-fhd:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:weintek:cmt-hdm_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt-hdm:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:weintek:cmt3071_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt3071:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:weintek:cmt3072_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt3072:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:weintek:cmt3090_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt3090:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:weintek:cmt3103_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt3103:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:weintek:cmt3151_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt3151:-:*:*:*:*:*:*:*

References

Link	Resource
https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf	Vendor Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2023-10-19T19:26:20.948Z

Updated: 2023-10-19T19:26:20.948Z

Reserved: 2023-09-20T14:26:47.028Z

Link: CVE-2023-40145

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-19T20:15:09.150

Modified: 2023-10-26T14:26:42.150

Link: CVE-2023-40145

JSON object: View

Redhat Information

No data.

CWE

CWE-78

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-40145", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2023-09-20T14:26:47.028Z", "datePublished": "2023-10-19T19:26:20.948Z", "dateUpdated": "2023-10-19T19:26:20.948Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "cMT-FHD", "vendor": "Weintek", "versions": [{"lessThanOrEqual": "20210210 ", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "cMT-HDM", "vendor": "Weintek", "versions": [{"lessThanOrEqual": "20210204 ", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "cMT3071", "vendor": "Weintek", "versions": [{"lessThanOrEqual": "20210218", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "cMT3072", "vendor": "Weintek", "versions": [{"lessThanOrEqual": "20210218", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "cMT3103", "vendor": "Weintek", "versions": [{"lessThanOrEqual": "20210218", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "cMT3090", "vendor": "Weintek", "versions": [{"lessThanOrEqual": "20210218", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "cMT3151", "vendor": "Weintek", "versions": [{"lessThanOrEqual": "20210218", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Hank Chen (PSIRT and Threat Research of TXOne Networks) reported these vulnerabilities to CISA."}], "datePublic": "2023-10-12T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.</span>\n\n</span>\n\n</span></span></span>"}], "value": "\n\n\n\n\n\n\n\n\nIn Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 OS Command Injection", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-10-19T19:26:20.948Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12"}, {"url": "https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n\n\n\n\n<p>Weintek recommends users follow their <a target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/public/Document/UM0/UM018010E_cMT_Series_OS_Update_Instructions_eng.pdf\">Upgrade Instructions</a> to update the following products to the latest versions:</p><ul><li>cMT-FHD: OS version 20210211</li><li>cMT-HDM: OS version 20210205</li><li>cMT3071: OS version 20210219</li><li>cMT3072: OS version 20210219</li><li>cMT3103: OS version 20210219</li><li>cMT3090: OS version 20210219</li><li>cMT3151: OS version 20210219</li></ul><p>For additional information, refer to <a target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf\">Weintek's security bulletin</a>.</p>\n\n\n\n\n\n<br>"}], "value": "\n\n\n\n\nWeintek recommends users follow their Upgrade Instructions https://dl.weintek.com/public/Document/UM0/UM018010E_cMT_Series_OS_Update_Instructions_eng.pdf \u00a0to update the following products to the latest versions:\n\n * cMT-FHD: OS version 20210211\n * cMT-HDM: OS version 20210205\n * cMT3071: OS version 20210219\n * cMT3072: OS version 20210219\n * cMT3103: OS version 20210219\n * cMT3090: OS version 20210219\n * cMT3151: OS version 20210219\n\n\nFor additional information, refer to Weintek's security bulletin https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf .\n\n\n\n\n\n\n\n\n"}], "source": {"advisory": "ICSMA-23-285-12", "discovery": "EXTERNAL"}, "title": "Weintek cMT3000 HMI Web CGI OS Command Injection", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weintek:cmt-fhd_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "33538560-F796-4D1D-AA52-63DB5FD817BF", "versionEndExcluding": "20210212", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weintek:cmt-fhd:-:*:*:*:*:*:*:*", "matchCriteriaId": "A132B170-A1FC-4D38-9965-0FF47B944FD5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weintek:cmt-hdm_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "52502356-D835-4468-BCA6-875177B562F8", "versionEndExcluding": "20210206", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weintek:cmt-hdm:-:*:*:*:*:*:*:*", "matchCriteriaId": "E08E3518-A03F-486D-B67A-013F67026D78", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weintek:cmt3071_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "210A03BC-C9BB-4832-BDB2-2EB5E87FD13A", "versionEndExcluding": "20210220", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weintek:cmt3071:-:*:*:*:*:*:*:*", "matchCriteriaId": "A4DE53C8-09D5-4D5E-97EE-A89E1478CD65", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weintek:cmt3072_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "17422509-5131-48A3-8C9A-ECA4332C33F0", "versionEndExcluding": "20210220", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weintek:cmt3072:-:*:*:*:*:*:*:*", "matchCriteriaId": "E3F83A8D-1489-48AA-911B-5BA561A57896", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weintek:cmt3090_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E5B9225-364C-46BD-BCB4-E151923855CC", "versionEndExcluding": "20210220", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weintek:cmt3090:-:*:*:*:*:*:*:*", "matchCriteriaId": "79C1F694-08A2-46E7-95C2-8DFA3D64423B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weintek:cmt3103_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3651EA3F-5C3F-4893-AF82-E7FDBBAF5EAA", "versionEndExcluding": "20210220", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weintek:cmt3103:-:*:*:*:*:*:*:*", "matchCriteriaId": "F607716E-7B7B-4620-819C-F44341B8C37F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weintek:cmt3151_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "82F72B48-B2CE-4580-B4CC-49879CA6074B", "versionEndExcluding": "20210220", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weintek:cmt3151:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF5326B-5E33-4C11-9AC6-A90357078FCA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\n\n\n\n\n\n\n\n\nIn Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.\n\n\n\n"}, {"lang": "es", "value": "En el dispositivo cMT3000 HMI Web CGI de Weintek, un atacante an\u00f3nimo puede ejecutar comandos arbitrarios despu\u00e9s de iniciar sesi\u00f3n en el dispositivo."}], "id": "CVE-2023-40145", "lastModified": "2023-10-26T14:26:42.150", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2023-10-19T20:15:09.150", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Vendor Advisory"], "url": "https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}