CVE-2023-40145 (GCVE-0-2023-40145)
Vulnerability from cvelistv5 – Published: 2023-10-19 19:26 – Updated: 2025-01-16 21:28
Title
Weintek cMT3000 HMI Web CGI OS Command Injection
Summary
In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.
Severity
8.8 (High)
CWE
- CWE-78 - OS Command Injection
Impacted products
7 products
| Vendor | Product | Version |
|---|---|---|
| Weintek | cMT-FHD | Affected: 0, ≤ 20210210 (custom) |
| Weintek | cMT-HDM | Affected: 0, ≤ 20210204 (custom) |
| Weintek | cMT3071 | Affected: 0, ≤ 20210218 (custom) |
| Weintek | cMT3072 | Affected: 0, ≤ 20210218 (custom) |
| Weintek | cMT3103 | Affected: 0, ≤ 20210218 (custom) |
| Weintek | cMT3090 | Affected: 0, ≤ 20210218 (custom) |
| Weintek | cMT3151 | Affected: 0, ≤ 20210218 (custom) |
Date Public
2023-10-12 17:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:55.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12"
},
{
"tags": [
"x_transferred"
],
"url": "https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40145",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:20:09.729366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:28:39.035Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "cMT-FHD",
"vendor": "Weintek",
"versions": [
{
"lessThanOrEqual": "20210210 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "cMT-HDM",
"vendor": "Weintek",
"versions": [
{
"lessThanOrEqual": "20210204 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "cMT3071",
"vendor": "Weintek",
"versions": [
{
"lessThanOrEqual": "20210218",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "cMT3072",
"vendor": "Weintek",
"versions": [
{
"lessThanOrEqual": "20210218",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "cMT3103",
"vendor": "Weintek",
"versions": [
{
"lessThanOrEqual": "20210218",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "cMT3090",
"vendor": "Weintek",
"versions": [
{
"lessThanOrEqual": "20210218",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "cMT3151",
"vendor": "Weintek",
"versions": [
{
"lessThanOrEqual": "20210218",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Hank Chen (PSIRT and Threat Research of TXOne Networks) reported these vulnerabilities to CISA."
}
],
"datePublic": "2023-10-12T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Weintek\u0027s cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e"
}
],
"value": "\n\n\n\n\n\n\n\n\nIn Weintek\u0027s cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-19T19:26:20.948Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12"
},
{
"url": "https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\n\n\u003cp\u003eWeintek recommends users follow their \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/public/Document/UM0/UM018010E_cMT_Series_OS_Update_Instructions_eng.pdf\"\u003eUpgrade Instructions\u003c/a\u003e\u0026nbsp;to update the following products to the latest versions:\u003c/p\u003e\u003cul\u003e\u003cli\u003ecMT-FHD: OS version 20210211\u003c/li\u003e\u003cli\u003ecMT-HDM: OS version 20210205\u003c/li\u003e\u003cli\u003ecMT3071: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3072: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3103: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3090: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3151: OS version 20210219\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor additional information, refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf\"\u003eWeintek\u0027s security bulletin\u003c/a\u003e.\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
}
],
"value": "\n\n\n\n\nWeintek recommends users follow their Upgrade Instructions https://dl.weintek.com/public/Document/UM0/UM018010E_cMT_Series_OS_Update_Instructions_eng.pdf \u00a0to update the following products to the latest versions:\n\n * cMT-FHD: OS version 20210211\n * cMT-HDM: OS version 20210205\n * cMT3071: OS version 20210219\n * cMT3072: OS version 20210219\n * cMT3103: OS version 20210219\n * cMT3090: OS version 20210219\n * cMT3151: OS version 20210219\n\n\nFor additional information, refer to Weintek\u0027s security bulletin https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf .\n\n\n\n\n\n\n\n\n"
}
],
"source": {
"advisory": "ICSMA-23-285-12",
"discovery": "EXTERNAL"
},
"title": "Weintek cMT3000 HMI Web CGI OS Command Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-40145",
"datePublished": "2023-10-19T19:26:20.948Z",
"dateReserved": "2023-09-20T14:26:47.028Z",
"dateUpdated": "2025-01-16T21:28:39.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-40145",
"date": "2026-05-29",
"epss": "0.00406",
"percentile": "0.61332"
},
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:weintek:cmt-fhd_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"20210212\", \"matchCriteriaId\": \"33538560-F796-4D1D-AA52-63DB5FD817BF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:weintek:cmt-fhd:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A132B170-A1FC-4D38-9965-0FF47B944FD5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:weintek:cmt-hdm_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"20210206\", \"matchCriteriaId\": \"52502356-D835-4468-BCA6-875177B562F8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:weintek:cmt-hdm:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E08E3518-A03F-486D-B67A-013F67026D78\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:weintek:cmt3071_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"20210220\", \"matchCriteriaId\": \"210A03BC-C9BB-4832-BDB2-2EB5E87FD13A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:weintek:cmt3071:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4DE53C8-09D5-4D5E-97EE-A89E1478CD65\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:weintek:cmt3072_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"20210220\", \"matchCriteriaId\": \"17422509-5131-48A3-8C9A-ECA4332C33F0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:weintek:cmt3072:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": 
\"E3F83A8D-1489-48AA-911B-5BA561A57896\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:weintek:cmt3090_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"20210220\", \"matchCriteriaId\": \"3E5B9225-364C-46BD-BCB4-E151923855CC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:weintek:cmt3090:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79C1F694-08A2-46E7-95C2-8DFA3D64423B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:weintek:cmt3103_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"20210220\", \"matchCriteriaId\": \"3651EA3F-5C3F-4893-AF82-E7FDBBAF5EAA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:weintek:cmt3103:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F607716E-7B7B-4620-819C-F44341B8C37F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:weintek:cmt3151_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"20210220\", \"matchCriteriaId\": \"82F72B48-B2CE-4580-B4CC-49879CA6074B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:weintek:cmt3151:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FF5326B-5E33-4C11-9AC6-A90357078FCA\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"\\n\\n\\n\\n\\n\\n\\n\\n\\nIn Weintek\u0027s cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.\\n\\n\\n\\n\"}, {\"lang\": \"es\", \"value\": \"En el dispositivo cMT3000 HMI Web CGI de Weintek, un atacante an\\u00f3nimo puede ejecutar comandos arbitrarios despu\\u00e9s de iniciar sesi\\u00f3n en el dispositivo.\"}]",
"id": "CVE-2023-40145",
"lastModified": "2024-11-21T08:18:52.030",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
"published": "2023-10-19T20:15:09.150",
"references": "[{\"url\": \"https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
}
}
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.