Lucene search
IcscertCVE-2023-0104HistoryFeb 22, 2023 - 9:15 p.m.
CVE-2023-0104
2023-02-2221:15:11
CWE-29
CWE-22
icscert
web.nvd.nist.gov
19
weintek easybuilder pro
zipslip attack
cve-2023-0104
vulnerability
decompiling
malicious project file
computer security
data breach
CVSS3
9.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H
AI Score
7.7
Confidence
High
EPSS
0.001
Percentile
25.6%
The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user’s computer or gain access to sensitive data.
Affected configurations
Node
weintekeasybuilder_proRange<6.07.02.480
ORweintekeasybuilder_proRange6.08.01.190–6.08.01.350
| Vendor | Product | Version | CPE |
|---|---|---|---|
| weintek | easybuilder_pro | * | cpe:2.3:a:weintek:easybuilder_pro:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "EasyBuilder Pro cMT ",
"vendor": "Weintek",
"versions": [
{
"lessThanOrEqual": "6.07.01",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.07.02.479 ",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.08.01.349 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
prion
prion
Design/Logic Flaw
2023-02-22 21:15:00
ics
ics
Weintek EasyBuilder Pro cMT Series
2023-02-14 12:00:00
nvd
nvd
CVE-2023-0104
2023-02-22 21:15:11
cvelist
cvelist
CVE-2023-0104
2023-02-22 20:25:04
CVSS3
9.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H
AI Score
7.7
Confidence
High
EPSS
0.001
Percentile
25.6%
Related for CVE-2023-0104