CVE-2023-40145
Published 2023-10-19
CVE-2023-40145: In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.
Priority: P261, high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.17% (63.4th percentile)
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| weintek | cmt-fhd | <= 20210210 | — |
| weintek | cmt-fhd_firmware | < 20210212 | 20210212 |
| weintek | cmt-hdm | <= 20210204 | — |
| weintek | cmt-hdm_firmware | < 20210206 | 20210206 |
| weintek | cmt3071 | <= 20210218 | — |
| weintek | cmt3071_firmware | < 20210220 | 20210220 |
| weintek | cmt3072 | <= 20210218 | — |
| weintek | cmt3072_firmware | < 20210220 | 20210220 |
| weintek | cmt3090 | <= 20210218 | — |
| weintek | cmt3090_firmware | < 20210220 | 20210220 |
| weintek | cmt3103 | <= 20210218 | — |
| weintek | cmt3103_firmware | < 20210220 | 20210220 |
| weintek | cmt3151 | <= 20210218 | — |
| weintek | cmt3151_firmware | < 20210220 | 20210220 |
Detection & IOCs
- CVE-2023-40145 is an OS Command Injection (CWE-78) vulnerability in Weintek cMT3000 HMI Web CGI; monitor for unexpected OS command execution originating from CGI processes on affected HMI devices after authenticated sessions are established.
- Monitor HTTP requests targeting /cgi-bin/command_wb.cgi and /cgi-bin/codesys.cgi on Weintek cMT3000-series HMIs for anomalous or oversized input that may indicate buffer overflow or command injection exploitation attempts.
- CVE-2023-40145 (OS Command Injection, CVSS 8.8) requires the attacker to be logged in (PR:L), whereas the companion buffer overflow CVEs (CVE-2023-38584, CVE-2023-43492, CVSS 9.8) require no authentication (PR:N); chaining the buffer overflow for auth bypass with this command injection is a realistic attack path.
- No known public exploitation has been reported at time of advisory publication; however, the vulnerability is remotely exploitable with low attack complexity.
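An added example (not from the advisory or the vendor) of the request monitoring described above: it scans access-log lines from a reverse proxy or network sensor in front of the HMI for requests to the two CGI paths that carry oversized or shell-metacharacter input. The combined log format, the 256-byte threshold, the metacharacter set, the parameter name `p` and the sample lines are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# CGI endpoints named on this page for Weintek cMT3000-series HMIs.
WATCHED = {"/cgi-bin/command_wb.cgi", "/cgi-bin/codesys.cgi"}
MAX_QUERY_LEN = 256  # assumed threshold; tune against a baseline of normal traffic
SHELL_META = re.compile(r"[;|&`$<>\r\n]")  # assumed set of shell metacharacters
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def classify(line):
    """Return (client, path, reasons) for a suspicious hit on a watched CGI, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, _method, target, _status = m.groups()
    parts = urlsplit(target)
    if parts.path not in WATCHED:
        return None
    reasons = []
    if len(parts.query) > MAX_QUERY_LEN:
        reasons.append("oversized-input")
    # Split on '&' before decoding so an encoded '&' inside a value is still seen.
    for pair in filter(None, parts.query.split("&")):
        _name, _, value = pair.partition("=")
        if SHELL_META.search(unquote_plus(value)):
            reasons.append("shell-metacharacter")
            break
    return (client, parts.path, reasons) if reasons else None

def scan(lines):
    """Classify every line and keep only the suspicious hits."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (combined log format); the parameter name is a
# placeholder, not one of the device's real parameters.
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Oct/2023:10:00:01 +0000] "GET /cgi-bin/command_wb.cgi?p=status HTTP/1.1" 200 512',
    '192.0.2.44 - - [19/Oct/2023:10:02:17 +0000] "GET /cgi-bin/command_wb.cgi?p=a%3Bb HTTP/1.1" 200 48',
    '192.0.2.44 - - [19/Oct/2023:10:02:30 +0000] "POST /cgi-bin/codesys.cgi?p=' + "A" * 600 + ' HTTP/1.1" 500 0',
    '192.0.2.10 - - [19/Oct/2023:10:03:00 +0000] "GET /index.html?q=a%3Bb HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for client, path, reasons in scan(SAMPLE_LOG):
        print(f"ALERT {client} {path} {','.join(reasons)}")
```

Access logs normally record only the request line, so input sent in a POST body needs proxy or IDS logging that captures request size and content.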
GHSA
GHSA-rqj6-qq4v-5w96: In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device
ghsa_unreviewed·2023-10-19
CVE-2023-40145 [HIGH] CWE-78 GHSA-rqj6-qq4v-5w96: In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device
CISA ICS
Weintek cMT3000 HMI Web CGI
cisa_ics·2023-10-12·CVSS 9.8
[CRITICAL] Weintek cMT3000 HMI Web CGI
ICS Advisory
## Weintek cMT3000 HMI Web CGI
Release Date: October 12, 2023
Alert Code: ICSA-23-285-12
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Weintek
- Equipment: cMT3000 HMI Web CGI
- Vulnerabilities: Stack-based Buffer Overflow, OS Command Injection
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to hijack control flow and bypass login authentication or execute arbitrary commands.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Weintek products are affected:
- cMT-FHD: OS version 20210210 or prior.
- cMT-HDM: OS version 20210204 or prior.
- cMT3071: OS version 20210218 or prior.
- cMT3072: OS version 20210218 or prior.
Published: 2023-10-19