Lucene search

IcscertCVELIST:CVE-2023-0104

HistoryFeb 22, 2023 - 8:25 p.m.

CVE-2023-0104

2023-02-2220:25:04

CWE-29

icscert

www.cve.org

weintek easybuilder pro

zipslip attack

malicious project file

control

sensitive data

CVSS3

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

25.6%

JSON

The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user’s computer or gain access to sensitive data.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "EasyBuilder Pro cMT ",
    "vendor": "Weintek",
    "versions": [
      {
        "lessThanOrEqual": "6.07.01",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "6.07.02.479 ",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "6.08.01.349 ",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-23-045-01

CVSS3

9.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H

AI Score

9.5

Confidence

High

EPSS

0.001

Percentile

25.6%

JSON

Related for CVELIST:CVE-2023-0104