CVE-2023-43492

Published Oct 19, 2023

Last updated a year ago

CVSS critical 9.8

Overview

Description: In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.
Source: ics-cert@hq.dhs.gov
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

nvd@nist.gov: CWE-787
ics-cert@hq.dhs.gov: CWE-121

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:weintek:cmt-fhd:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A132B170-A1FC-4D38-9965-0FF47B944FD5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:weintek:cmt-fhd_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33538560-F796-4D1D-AA52-63DB5FD817BF",
            "versionEndExcluding": "20210212"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:weintek:cmt-hdm:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E08E3518-A03F-486D-B67A-013F67026D78"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:weintek:cmt-hdm_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52502356-D835-4468-BCA6-875177B562F8",
            "versionEndExcluding": "20210206"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:weintek:cmt3071:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A4DE53C8-09D5-4D5E-97EE-A89E1478CD65"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:weintek:cmt3071_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "210A03BC-C9BB-4832-BDB2-2EB5E87FD13A",
            "versionEndExcluding": "20210220"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:weintek:cmt3072:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E3F83A8D-1489-48AA-911B-5BA561A57896"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:weintek:cmt3072_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17422509-5131-48A3-8C9A-ECA4332C33F0",
            "versionEndExcluding": "20210220"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:weintek:cmt3090:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "79C1F694-08A2-46E7-95C2-8DFA3D64423B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:weintek:cmt3090_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E5B9225-364C-46BD-BCB4-E151923855CC",
            "versionEndExcluding": "20210220"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:weintek:cmt3103:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F607716E-7B7B-4620-819C-F44341B8C37F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:weintek:cmt3103_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3651EA3F-5C3F-4893-AF82-E7FDBBAF5EAA",
            "versionEndExcluding": "20210220"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:weintek:cmt3151:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9FF5326B-5E33-4C11-9AC6-A90357078FCA"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:weintek:cmt3151_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82F72B48-B2CE-4580-B4CC-49879CA6074B",
            "versionEndExcluding": "20210220"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References