CVE-2023-43492 - OpenCVE

In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Weintek	Cmt-fhd Firmware Cmt-hdm Cmt3103 Cmt3072 Firmware Cmt3071 Cmt3151 Cmt-fhd Cmt3072 Cmt3151 Firmware Cmt3071 Firmware Cmt3090 Firmware Cmt3090 Cmt3103 Firmware Cmt-hdm Firmware

Configuration 1 [-]

AND

cpe:2.3:o:weintek:cmt-fhd_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt-fhd:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:weintek:cmt-hdm_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt-hdm:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:weintek:cmt3071_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt3071:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:weintek:cmt3072_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt3072:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:weintek:cmt3090_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt3090:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:weintek:cmt3103_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt3103:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:weintek:cmt3151_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:weintek:cmt3151:-:*:*:*:*:*:*:*

References

Link	Resource
https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf	Exploit Vendor Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2023-10-19T19:28:59.236Z

Updated: 2023-10-19T19:28:59.236Z

Reserved: 2023-09-20T14:26:47.014Z

Link: CVE-2023-43492

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-19T20:15:09.230

Modified: 2023-10-30T14:33:25.570

Link: CVE-2023-43492

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-43492", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2023-09-20T14:26:47.014Z", "datePublished": "2023-10-19T19:28:59.236Z", "dateUpdated": "2023-10-19T19:28:59.236Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "cMT-FHD", "vendor": "Weintek", "versions": [{"lessThanOrEqual": "20210210 ", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "cMT-HDM", "vendor": "Weintek", "versions": [{"lessThanOrEqual": "20210204 ", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "cMT3071", "vendor": "Weintek", "versions": [{"lessThanOrEqual": "20210218", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "cMT3072", "vendor": "Weintek", "versions": [{"lessThanOrEqual": "20210218", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "cMT3103", "vendor": "Weintek", "versions": [{"lessThanOrEqual": "20210218", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "cMT3090", "vendor": "Weintek", "versions": [{"lessThanOrEqual": "20210218", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "cMT3151", "vendor": "Weintek", "versions": [{"lessThanOrEqual": "20210218", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Hank Chen (PSIRT and Threat Research of TXOne Networks) reported these vulnerabilities to CISA."}], "datePublic": "2023-10-12T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.</span>\n\n</span>\n\n</span></span></span>"}], "value": "\n\n\n\n\n\n\n\n\nIn Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-10-19T19:28:59.236Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12"}, {"url": "https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n\n\n\n\n<p>Weintek recommends users follow their <a target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/public/Document/UM0/UM018010E_cMT_Series_OS_Update_Instructions_eng.pdf\">Upgrade Instructions</a> to update the following products to the latest versions:</p><ul><li>cMT-FHD: OS version 20210211</li><li>cMT-HDM: OS version 20210205</li><li>cMT3071: OS version 20210219</li><li>cMT3072: OS version 20210219</li><li>cMT3103: OS version 20210219</li><li>cMT3090: OS version 20210219</li><li>cMT3151: OS version 20210219</li></ul><p>For additional information, refer to <a target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf\">Weintek's security bulletin</a>.</p>\n\n\n\n\n\n<br>"}], "value": "\n\n\n\n\nWeintek recommends users follow their Upgrade Instructions https://dl.weintek.com/public/Document/UM0/UM018010E_cMT_Series_OS_Update_Instructions_eng.pdf \u00a0to update the following products to the latest versions:\n\n * cMT-FHD: OS version 20210211\n * cMT-HDM: OS version 20210205\n * cMT3071: OS version 20210219\n * cMT3072: OS version 20210219\n * cMT3103: OS version 20210219\n * cMT3090: OS version 20210219\n * cMT3151: OS version 20210219\n\n\nFor additional information, refer to Weintek's security bulletin https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf .\n\n\n\n\n\n\n\n\n"}], "source": {"advisory": "ICSMA-23-285-12", "discovery": "EXTERNAL"}, "title": "Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weintek:cmt-fhd_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "33538560-F796-4D1D-AA52-63DB5FD817BF", "versionEndExcluding": "20210212", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weintek:cmt-fhd:-:*:*:*:*:*:*:*", "matchCriteriaId": "A132B170-A1FC-4D38-9965-0FF47B944FD5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weintek:cmt-hdm_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "52502356-D835-4468-BCA6-875177B562F8", "versionEndExcluding": "20210206", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weintek:cmt-hdm:-:*:*:*:*:*:*:*", "matchCriteriaId": "E08E3518-A03F-486D-B67A-013F67026D78", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weintek:cmt3071_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "210A03BC-C9BB-4832-BDB2-2EB5E87FD13A", "versionEndExcluding": "20210220", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weintek:cmt3071:-:*:*:*:*:*:*:*", "matchCriteriaId": "A4DE53C8-09D5-4D5E-97EE-A89E1478CD65", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weintek:cmt3072_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "17422509-5131-48A3-8C9A-ECA4332C33F0", "versionEndExcluding": "20210220", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weintek:cmt3072:-:*:*:*:*:*:*:*", "matchCriteriaId": "E3F83A8D-1489-48AA-911B-5BA561A57896", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weintek:cmt3090_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E5B9225-364C-46BD-BCB4-E151923855CC", "versionEndExcluding": "20210220", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weintek:cmt3090:-:*:*:*:*:*:*:*", "matchCriteriaId": "79C1F694-08A2-46E7-95C2-8DFA3D64423B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weintek:cmt3103_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3651EA3F-5C3F-4893-AF82-E7FDBBAF5EAA", "versionEndExcluding": "20210220", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weintek:cmt3103:-:*:*:*:*:*:*:*", "matchCriteriaId": "F607716E-7B7B-4620-819C-F44341B8C37F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:weintek:cmt3151_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "82F72B48-B2CE-4580-B4CC-49879CA6074B", "versionEndExcluding": "20210220", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:weintek:cmt3151:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF5326B-5E33-4C11-9AC6-A90357078FCA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\n\n\n\n\n\n\n\n\nIn Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.\n\n\n\n"}, {"lang": "es", "value": "En el dispositivo cMT3000 HMI Web CGI de Weintek, el cgi-bin codesys.cgi contiene un desbordamiento de b\u00fafer basado en pila, que podr\u00eda permitir a un atacante an\u00f3nimo secuestrar el flujo de control y evitar la autenticaci\u00f3n de inicio de sesi\u00f3n."}], "id": "CVE-2023-43492", "lastModified": "2023-10-30T14:33:25.570", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2023-10-19T20:15:09.230", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Exploit", "Vendor Advisory"], "url": "https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-121"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}