CVE-2023-43492 - OpenCVE

In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Weintek	Cmt-fhd Cmt-fhd Firmware Cmt-hdm Cmt-hdm Firmware Cmt3071 Cmt3071 Firmware Cmt3072 Cmt3072 Firmware Cmt3090 Cmt3090 Firmware Cmt3103 Cmt3103 Firmware Cmt3151 Cmt3151 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:weintek:cmt-fhd:-:*:*:*:*:*:*:*

cpe:2.3:o:weintek:cmt-fhd_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:weintek:cmt-hdm:-:*:*:*:*:*:*:*

cpe:2.3:o:weintek:cmt-hdm_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:weintek:cmt3071:-:*:*:*:*:*:*:*

cpe:2.3:o:weintek:cmt3071_firmware:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:weintek:cmt3072:-:*:*:*:*:*:*:*

cpe:2.3:o:weintek:cmt3072_firmware:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:weintek:cmt3090:-:*:*:*:*:*:*:*

cpe:2.3:o:weintek:cmt3090_firmware:*:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:h:weintek:cmt3103:-:*:*:*:*:*:*:*

cpe:2.3:o:weintek:cmt3103_firmware:*:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:h:weintek:cmt3151:-:*:*:*:*:*:*:*

cpe:2.3:o:weintek:cmt3151_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf
https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2023-10-19T19:28:59.236Z

Updated: 2024-08-02T19:44:43.206Z

Reserved: 2023-09-20T14:26:47.014Z

Link: CVE-2023-43492

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-10-19T20:15:09.230

Modified: 2023-10-30T14:33:25.570

Link: CVE-2023-43492

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-43492", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2023-09-20T14:26:47.014Z", "datePublished": "2023-10-19T19:28:59.236Z", "dateUpdated": "2024-08-02T19:44:43.206Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "cMT-FHD", "vendor": "Weintek", "versions": [{"lessThanOrEqual": "20210210 ", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "cMT-HDM", "vendor": "Weintek", "versions": [{"lessThanOrEqual": "20210204 ", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "cMT3071", "vendor": "Weintek", "versions": [{"lessThanOrEqual": "20210218", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "cMT3072", "vendor": "Weintek", "versions": [{"lessThanOrEqual": "20210218", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "cMT3103", "vendor": "Weintek", "versions": [{"lessThanOrEqual": "20210218", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "cMT3090", "vendor": "Weintek", "versions": [{"lessThanOrEqual": "20210218", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "cMT3151", "vendor": "Weintek", "versions": [{"lessThanOrEqual": "20210218", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Hank Chen (PSIRT and Threat Research of TXOne Networks) reported these vulnerabilities to CISA."}], "datePublic": "2023-10-12T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.</span>\n\n</span>\n\n</span></span></span>"}], "value": "\n\n\n\n\n\n\n\n\nIn Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2023-10-19T19:28:59.236Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12"}, {"url": "https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n\n\n\n\n<p>Weintek recommends users follow their <a target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/public/Document/UM0/UM018010E_cMT_Series_OS_Update_Instructions_eng.pdf\">Upgrade Instructions</a> to update the following products to the latest versions:</p><ul><li>cMT-FHD: OS version 20210211</li><li>cMT-HDM: OS version 20210205</li><li>cMT3071: OS version 20210219</li><li>cMT3072: OS version 20210219</li><li>cMT3103: OS version 20210219</li><li>cMT3090: OS version 20210219</li><li>cMT3151: OS version 20210219</li></ul><p>For additional information, refer to <a target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf\">Weintek's security bulletin</a>.</p>\n\n\n\n\n\n<br>"}], "value": "\n\n\n\n\nWeintek recommends users follow their Upgrade Instructions https://dl.weintek.com/public/Document/UM0/UM018010E_cMT_Series_OS_Update_Instructions_eng.pdf \u00a0to update the following products to the latest versions:\n\n * cMT-FHD: OS version 20210211\n * cMT-HDM: OS version 20210205\n * cMT3071: OS version 20210219\n * cMT3072: OS version 20210219\n * cMT3103: OS version 20210219\n * cMT3090: OS version 20210219\n * cMT3151: OS version 20210219\n\n\nFor additional information, refer to Weintek's security bulletin https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf .\n\n\n\n\n\n\n\n\n"}], "source": {"advisory": "ICSMA-23-285-12", "discovery": "EXTERNAL"}, "title": "Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:44:43.206Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12", "tags": ["x_transferred"]}, {"url": "https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:weintek:cmt-fhd:-:*:*:*:*:*:*:*", "matchCriteriaId": "A132B170-A1FC-4D38-9965-0FF47B944FD5", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:weintek:cmt-fhd_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "33538560-F796-4D1D-AA52-63DB5FD817BF", "versionEndExcluding": "20210212", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:weintek:cmt-hdm:-:*:*:*:*:*:*:*", "matchCriteriaId": "E08E3518-A03F-486D-B67A-013F67026D78", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:weintek:cmt-hdm_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "52502356-D835-4468-BCA6-875177B562F8", "versionEndExcluding": "20210206", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:weintek:cmt3071:-:*:*:*:*:*:*:*", "matchCriteriaId": "A4DE53C8-09D5-4D5E-97EE-A89E1478CD65", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:weintek:cmt3071_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "210A03BC-C9BB-4832-BDB2-2EB5E87FD13A", "versionEndExcluding": "20210220", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:weintek:cmt3072:-:*:*:*:*:*:*:*", "matchCriteriaId": "E3F83A8D-1489-48AA-911B-5BA561A57896", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:weintek:cmt3072_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "17422509-5131-48A3-8C9A-ECA4332C33F0", "versionEndExcluding": "20210220", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:weintek:cmt3090:-:*:*:*:*:*:*:*", "matchCriteriaId": "79C1F694-08A2-46E7-95C2-8DFA3D64423B", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:weintek:cmt3090_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E5B9225-364C-46BD-BCB4-E151923855CC", "versionEndExcluding": "20210220", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:weintek:cmt3103:-:*:*:*:*:*:*:*", "matchCriteriaId": "F607716E-7B7B-4620-819C-F44341B8C37F", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:weintek:cmt3103_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3651EA3F-5C3F-4893-AF82-E7FDBBAF5EAA", "versionEndExcluding": "20210220", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:weintek:cmt3151:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FF5326B-5E33-4C11-9AC6-A90357078FCA", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:weintek:cmt3151_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "82F72B48-B2CE-4580-B4CC-49879CA6074B", "versionEndExcluding": "20210220", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\n\n\n\n\n\n\n\n\nIn Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.\n\n\n\n"}, {"lang": "es", "value": "En el dispositivo cMT3000 HMI Web CGI de Weintek, el cgi-bin codesys.cgi contiene un desbordamiento de b\u00fafer basado en pila, que podr\u00eda permitir a un atacante an\u00f3nimo secuestrar el flujo de control y evitar la autenticaci\u00f3n de inicio de sesi\u00f3n."}], "id": "CVE-2023-43492", "lastModified": "2023-10-30T14:33:25.570", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2023-10-19T20:15:09.230", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Exploit", "Vendor Advisory"], "url": "https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-121"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}