Lucene search
IcscertCVE-2023-40145HistoryOct 19, 2023 - 8:15 p.m.
CVE-2023-40145
2023-10-1920:15:09
CWE-78
icscert
web.nvd.nist.gov
26
weintek
cmt3000
hmi
web
cgi
arbitrary command execution
cve-2023-40145
nvd
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.9
Confidence
High
EPSS
0.001
Percentile
26.5%
In Weintekβs cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.
Affected configurations
Node
weintekcmt-fhd_firmwareRange<20210212
weintekcmt-fhdMatch-
Node
weintekcmt-hdm_firmwareRange<20210206
weintekcmt-hdmMatch-
Node
weintekcmt3071_firmwareRange<20210220
weintekcmt3071Match-
Node
weintekcmt3072_firmwareRange<20210220
weintekcmt3072Match-
Node
weintekcmt3090_firmwareRange<20210220
weintekcmt3090Match-
Node
weintekcmt3103_firmwareRange<20210220
weintekcmt3103Match-
Node
weintekcmt3151_firmwareRange<20210220
weintekcmt3151Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| weintek | cmt-fhd_firmware | * | cpe:2.3:o:weintek:cmt-fhd_firmware:*:*:*:*:*:*:*:* |
| weintek | cmt-fhd | - | cpe:2.3:h:weintek:cmt-fhd:-:*:*:*:*:*:*:* |
| weintek | cmt-hdm_firmware | * | cpe:2.3:o:weintek:cmt-hdm_firmware:*:*:*:*:*:*:*:* |
| weintek | cmt-hdm | - | cpe:2.3:h:weintek:cmt-hdm:-:*:*:*:*:*:*:* |
| weintek | cmt3071_firmware | * | cpe:2.3:o:weintek:cmt3071_firmware:*:*:*:*:*:*:*:* |
| weintek | cmt3071 | - | cpe:2.3:h:weintek:cmt3071:-:*:*:*:*:*:*:* |
| weintek | cmt3072_firmware | * | cpe:2.3:o:weintek:cmt3072_firmware:*:*:*:*:*:*:*:* |
| weintek | cmt3072 | - | cpe:2.3:h:weintek:cmt3072:-:*:*:*:*:*:*:* |
| weintek | cmt3090_firmware | * | cpe:2.3:o:weintek:cmt3090_firmware:*:*:*:*:*:*:*:* |
| weintek | cmt3090 | - | cpe:2.3:h:weintek:cmt3090:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "cMT-FHD",
"vendor": "Weintek",
"versions": [
{
"lessThanOrEqual": "20210210 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "cMT-HDM",
"vendor": "Weintek",
"versions": [
{
"lessThanOrEqual": "20210204 ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "cMT3071",
"vendor": "Weintek",
"versions": [
{
"lessThanOrEqual": "20210218",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "cMT3072",
"vendor": "Weintek",
"versions": [
{
"lessThanOrEqual": "20210218",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "cMT3103",
"vendor": "Weintek",
"versions": [
{
"lessThanOrEqual": "20210218",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "cMT3090",
"vendor": "Weintek",
"versions": [
{
"lessThanOrEqual": "20210218",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "cMT3151",
"vendor": "Weintek",
"versions": [
{
"lessThanOrEqual": "20210218",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2023-40145
2023-10-19 20:15:09
cvelist
cvelist
CVE-2023-40145 Weintek cMT3000 HMI Web CGI OS Command Injection
2023-10-19 19:26:20
prion
prion
Command injection
2023-10-19 20:15:00
ics
ics
Weintek cMT3000 HMI Web CGI
2023-10-12 12:00:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.9
Confidence
High
EPSS
0.001
Percentile
26.5%
Related for CVE-2023-40145