CVE-2023-40145 : What You Need to Know
Learn about the CVE-2023-40145 vulnerability in Weintek's cMT3000 HMI Web CGI device, allowing attackers to execute arbitrary commands. Follow mitigation steps provided by Weintek for protection.
A vulnerability has been discovered in Weintek's cMT3000 HMI Web CGI device, allowing an attacker to execute arbitrary commands after login. Here's what you need to know about CVE-2023-40145.
Understanding CVE-2023-40145
Weintek's cMT3000 HMI Web CGI device is vulnerable to OS command injection, posing a significant risk to the system's confidentiality, integrity, and availability.
What is CVE-2023-40145?
In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.
The Impact of CVE-2023-40145
With a CVSS base score of 8.8 (High Severity), this vulnerability has a high impact on confidentiality, integrity, and availability. The attack complexity is low, and privileges required are minimal, making it easier for threat actors to exploit.
Technical Details of CVE-2023-40145
The vulnerability is classified under CWE-78 OS Command Injection and has been reported by Hank Chen from TXOne Networks to CISA. It affects multiple Weintek products including cMT-FHD, cMT-HDM, cMT3071, cMT3072, cMT3103, cMT3090, and cMT3151.
Vulnerability Description
The flaw allows an anonymous attacker to execute arbitrary commands post-login on the affected Weintek devices.
Affected Systems and Versions
Weintek cMT3000 HMI Web CGI devices with versions less than or equal to 20210218 are affected by this vulnerability.
Exploitation Mechanism
The vulnerability can be exploited by a remote, unauthenticated attacker with network access to the affected device.
Mitigation and Prevention
Weintek has provided recommendations to mitigate the risk associated with CVE-2023-40145.
Immediate Steps to Take
Users are advised to follow Weintek's Upgrade Instructions to update the affected products to the latest secure versions:
- cMT-FHD: OS version 20210211
- cMT-HDM: OS version 20210205
- cMT3071: OS version 20210219
- cMT3072: OS version 20210219
- cMT3103: OS version 20210219
- cMT3090: OS version 20210219
- cMT3151: OS version 20210219
Long-Term Security Practices
In addition to immediate patching, organizations should implement robust security measures such as network segmentation, access controls, and regular security assessments.
Patching and Updates
For additional information and detailed steps, refer to Weintek's security bulletin available on their website.