cbcvebase.
CVE-2023-40145
published 2023-10-19

CVE-2023-40145: In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.

PriorityP261high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.17%
63.4th percentile
In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.

Affected

14 ranges
VendorProductVersion rangeFixed in
weintekcmt-fhd<= 20210210
weintekcmt-fhd_firmware< 2021021220210212
weintekcmt-hdm<= 20210204
weintekcmt-hdm_firmware< 2021020620210206
weintekcmt3071<= 20210218
weintekcmt3071_firmware< 2021022020210220
weintekcmt3072<= 20210218
weintekcmt3072_firmware< 2021022020210220
weintekcmt3090<= 20210218
weintekcmt3090_firmware< 2021022020210220
weintekcmt3103<= 20210218
weintekcmt3103_firmware< 2021022020210220
weintekcmt3151<= 20210218
weintekcmt3151_firmware< 2021022020210220

Detection & IOCsextracted from sources · hover to see the quote

path/cgi-bin/command_wb.cgi
path/cgi-bin/codesys.cgi
  • CVE-2023-40145 is an OS Command Injection (CWE-78) vulnerability in Weintek cMT3000 HMI Web CGI; monitor for unexpected OS command execution originating from CGI processes on affected HMI devices after authenticated sessions are established.
  • Monitor HTTP requests targeting /cgi-bin/command_wb.cgi and /cgi-bin/codesys.cgi on Weintek cMT3000-series HMIs for anomalous or oversized input that may indicate buffer overflow or command injection exploitation attempts.
  • ·CVE-2023-40145 (OS Command Injection, CVSS 8.8) requires the attacker to be logged in (PR:L), whereas the companion buffer overflow CVEs (CVE-2023-38584, CVE-2023-43492, CVSS 9.8) require no authentication (PR:N); chaining the buffer overflow for auth bypass with this command injection is a realistic attack path.
  • ·No known public exploitation has been reported at time of advisory publication; however, the vulnerability is remotely exploitable with low attack complexity.
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.