Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for cmt-fhd by weintek

    CVE-2023-43492 (GCVE-0-2023-43492)

    Vulnerability from nvd – Published: 2023-10-19 19:28 – Updated: 2025-01-16 21:28
    VLAI
    Title
    Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow
    Summary
    In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Weintek cMT-FHD Affected: 0 , ≤ 20210210 (custom)
    Create a notification for this product.
    Weintek cMT-HDM Affected: 0 , ≤ 20210204 (custom)
    Create a notification for this product.
    Weintek cMT3071 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Weintek cMT3072 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Weintek cMT3103 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Weintek cMT3090 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Weintek cMT3151 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Date Public
    2023-10-12 17:00
    Credits
    Hank Chen (PSIRT and Threat Research of TXOne Networks) reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:44:43.206Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43492",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T21:22:40.211272Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:28:29.900Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "cMT-FHD",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210210 ",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT-HDM",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210204 ",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3071",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3072",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3103",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3090",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3151",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Hank Chen (PSIRT and Threat Research of TXOne Networks) reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2023-10-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Weintek\u0027s cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e"
                }
              ],
              "value": "\n\n\n\n\n\n\n\n\nIn Weintek\u0027s cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-19T19:28:59.236Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12"
            },
            {
              "url": "https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\n\n\n\n\u003cp\u003eWeintek recommends users follow their \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/public/Document/UM0/UM018010E_cMT_Series_OS_Update_Instructions_eng.pdf\"\u003eUpgrade Instructions\u003c/a\u003e\u0026nbsp;to update the following products to the latest versions:\u003c/p\u003e\u003cul\u003e\u003cli\u003ecMT-FHD: OS version 20210211\u003c/li\u003e\u003cli\u003ecMT-HDM: OS version 20210205\u003c/li\u003e\u003cli\u003ecMT3071: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3072: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3103: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3090: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3151: OS version 20210219\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor additional information, refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf\"\u003eWeintek\u0027s security bulletin\u003c/a\u003e.\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "\n\n\n\n\nWeintek recommends users follow their  Upgrade Instructions https://dl.weintek.com/public/Document/UM0/UM018010E_cMT_Series_OS_Update_Instructions_eng.pdf \u00a0to update the following products to the latest versions:\n\n  *  cMT-FHD: OS version 20210211\n  *  cMT-HDM: OS version 20210205\n  *  cMT3071: OS version 20210219\n  *  cMT3072: OS version 20210219\n  *  cMT3103: OS version 20210219\n  *  cMT3090: OS version 20210219\n  *  cMT3151: OS version 20210219\n\n\nFor additional information, refer to  Weintek\u0027s security bulletin https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf .\n\n\n\n\n\n\n\n\n"
            }
          ],
          "source": {
            "advisory": "ICSMA-23-285-12",
            "discovery": "EXTERNAL"
          },
          "title": "Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-43492",
        "datePublished": "2023-10-19T19:28:59.236Z",
        "dateReserved": "2023-09-20T14:26:47.014Z",
        "dateUpdated": "2025-01-16T21:28:29.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40145 (GCVE-0-2023-40145)

    Vulnerability from nvd – Published: 2023-10-19 19:26 – Updated: 2025-01-16 21:28
    VLAI
    Title
    Weintek cMT3000 HMI Web CGI OS Command Injection
    Summary
    In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - OS Command Injection
    Assigner
    Impacted products
    Vendor Product Version
    Weintek cMT-FHD Affected: 0 , ≤ 20210210 (custom)
    Create a notification for this product.
    Weintek cMT-HDM Affected: 0 , ≤ 20210204 (custom)
    Create a notification for this product.
    Weintek cMT3071 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Weintek cMT3072 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Weintek cMT3103 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Weintek cMT3090 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Weintek cMT3151 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Date Public
    2023-10-12 17:00
    Credits
    Hank Chen (PSIRT and Threat Research of TXOne Networks) reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:24:55.542Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40145",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T21:20:09.729366Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:28:39.035Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "cMT-FHD",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210210 ",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT-HDM",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210204 ",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3071",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3072",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3103",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3090",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3151",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Hank Chen (PSIRT and Threat Research of TXOne Networks) reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2023-10-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Weintek\u0027s cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e"
                }
              ],
              "value": "\n\n\n\n\n\n\n\n\nIn Weintek\u0027s cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-19T19:26:20.948Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12"
            },
            {
              "url": "https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\n\n\n\n\u003cp\u003eWeintek recommends users follow their \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/public/Document/UM0/UM018010E_cMT_Series_OS_Update_Instructions_eng.pdf\"\u003eUpgrade Instructions\u003c/a\u003e\u0026nbsp;to update the following products to the latest versions:\u003c/p\u003e\u003cul\u003e\u003cli\u003ecMT-FHD: OS version 20210211\u003c/li\u003e\u003cli\u003ecMT-HDM: OS version 20210205\u003c/li\u003e\u003cli\u003ecMT3071: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3072: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3103: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3090: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3151: OS version 20210219\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor additional information, refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf\"\u003eWeintek\u0027s security bulletin\u003c/a\u003e.\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "\n\n\n\n\nWeintek recommends users follow their  Upgrade Instructions https://dl.weintek.com/public/Document/UM0/UM018010E_cMT_Series_OS_Update_Instructions_eng.pdf \u00a0to update the following products to the latest versions:\n\n  *  cMT-FHD: OS version 20210211\n  *  cMT-HDM: OS version 20210205\n  *  cMT3071: OS version 20210219\n  *  cMT3072: OS version 20210219\n  *  cMT3103: OS version 20210219\n  *  cMT3090: OS version 20210219\n  *  cMT3151: OS version 20210219\n\n\nFor additional information, refer to  Weintek\u0027s security bulletin https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf .\n\n\n\n\n\n\n\n\n"
            }
          ],
          "source": {
            "advisory": "ICSMA-23-285-12",
            "discovery": "EXTERNAL"
          },
          "title": "Weintek cMT3000 HMI Web CGI OS Command Injection",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-40145",
        "datePublished": "2023-10-19T19:26:20.948Z",
        "dateReserved": "2023-09-20T14:26:47.028Z",
        "dateUpdated": "2025-01-16T21:28:39.035Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38584 (GCVE-0-2023-38584)

    Vulnerability from nvd – Published: 2023-10-19 19:20 – Updated: 2025-01-16 21:28
    VLAI
    Title
    Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow
    Summary
    In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Weintek cMT-FHD Affected: 0 , ≤ 20210210 (custom)
    Create a notification for this product.
    Weintek cMT-HDM Affected: 0 , ≤ 20210204 (custom)
    Create a notification for this product.
    Weintek cMT3071 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Weintek cMT3072 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Weintek cMT3103 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Weintek cMT3090 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Weintek cMT3151 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Date Public
    2023-10-12 17:00
    Credits
    Hank Chen (PSIRT and Threat Research of TXOne Networks) reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:46:56.458Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38584",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T21:22:44.800664Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:28:46.086Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "cMT-FHD",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210210 ",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT-HDM",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210204 ",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3071",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3072",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3103",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3090",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3151",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Hank Chen (PSIRT and Threat Research of TXOne Networks) reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2023-10-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Weintek\u0027s cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.\u003c/span\u003e\n\n\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e"
                }
              ],
              "value": "\n\n\n\n\n\n\nIn Weintek\u0027s cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-19T19:20:20.059Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12"
            },
            {
              "url": "https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\n\n\n\n\u003cp\u003eWeintek recommends users follow their \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/public/Document/UM0/UM018010E_cMT_Series_OS_Update_Instructions_eng.pdf\"\u003eUpgrade Instructions\u003c/a\u003e\u0026nbsp;to update the following products to the latest versions:\u003c/p\u003e\u003cul\u003e\u003cli\u003ecMT-FHD: OS version 20210211\u003c/li\u003e\u003cli\u003ecMT-HDM: OS version 20210205\u003c/li\u003e\u003cli\u003ecMT3071: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3072: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3103: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3090: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3151: OS version 20210219\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor additional information, refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf\"\u003eWeintek\u0027s security bulletin\u003c/a\u003e.\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "\n\n\n\n\nWeintek recommends users follow their  Upgrade Instructions https://dl.weintek.com/public/Document/UM0/UM018010E_cMT_Series_OS_Update_Instructions_eng.pdf \u00a0to update the following products to the latest versions:\n\n  *  cMT-FHD: OS version 20210211\n  *  cMT-HDM: OS version 20210205\n  *  cMT3071: OS version 20210219\n  *  cMT3072: OS version 20210219\n  *  cMT3103: OS version 20210219\n  *  cMT3090: OS version 20210219\n  *  cMT3151: OS version 20210219\n\n\nFor additional information, refer to  Weintek\u0027s security bulletin https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf .\n\n\n\n\n\n\n\n\n"
            }
          ],
          "source": {
            "advisory": "ICSMA-23-285-12",
            "discovery": "EXTERNAL"
          },
          "title": "Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-38584",
        "datePublished": "2023-10-19T19:20:20.059Z",
        "dateReserved": "2023-09-20T14:26:47.021Z",
        "dateUpdated": "2025-01-16T21:28:46.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27446 (GCVE-0-2021-27446)

    Vulnerability from nvd – Published: 2022-05-16 17:15 – Updated: 2025-04-16 16:21
    VLAI
    Title
    Weintek EasyWeb cMT Code Injection
    Summary
    The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Weintek cMT-SVR-1xx/2xx Affected: unspecified , < 20210305 (custom)
    Create a notification for this product.
    Weintek cMT-G01/G02 Affected: unspecified , < 20210209 (custom)
    Create a notification for this product.
    Weintek cMT-G03/G04 Affected: unspecified , < 20210222 (custom)
    Create a notification for this product.
    Weintek cMT3071/cMT3072/cMT3090/cMT3103/cMT3151 Affected: unspecified , < 20210218 (custom)
    Create a notification for this product.
    Weintek cMT-HDM Affected: unspecified , < 20210204 (custom)
    Create a notification for this product.
    Weintek cMT-FHD Affected: unspecified , < 20210208 (custom)
    Create a notification for this product.
    Weintek cMT-CTRL01 Affected: unspecified , < 20210302 (custom)
    Create a notification for this product.
    Date Public
    2021-03-23 00:00
    Credits
    Marcin Dudek from CERT.PL reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:48:17.200Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-27446",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:54:54.929455Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:21:16.549Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "cMT-SVR-1xx/2xx",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210305",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G01/G02",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210209",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G03/G04",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210222",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210218",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-HDM",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210204",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-FHD",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210208",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-CTRL01",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210302",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2021-03-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94: Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-16T17:15:44.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Weintek EasyWeb cMT Code Injection",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-03-23T17:00:00.000Z",
              "ID": "CVE-2021-27446",
              "STATE": "PUBLIC",
              "TITLE": "Weintek EasyWeb cMT Code Injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "cMT-SVR-1xx/2xx",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210305"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G01/G02",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210209"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G03/G04",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210222"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210218"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-HDM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210204"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-FHD",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210208"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-CTRL01",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210302"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Weintek"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-94: Code Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
                },
                {
                  "name": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27446",
        "datePublished": "2022-05-16T17:15:44.847Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:21:16.549Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27444 (GCVE-0-2021-27444)

    Vulnerability from nvd – Published: 2022-05-16 17:15 – Updated: 2025-04-16 16:21
    VLAI
    Title
    Weintek EasyWeb cMT Improper Access Control
    Summary
    The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Weintek cMT-SVR-1xx/2xx Affected: unspecified , < 20210305 (custom)
    Create a notification for this product.
    Weintek cMT-G01/G02 Affected: unspecified , < 20210209 (custom)
    Create a notification for this product.
    Weintek cMT-G03/G04 Affected: unspecified , < 20210222 (custom)
    Create a notification for this product.
    Weintek cMT3071/cMT3072/cMT3090/cMT3103/cMT3151 Affected: unspecified , < 20210218 (custom)
    Create a notification for this product.
    Weintek cMT-HDM Affected: unspecified , < 20210204 (custom)
    Create a notification for this product.
    Weintek cMT-FHD Affected: unspecified , < 20210208 (custom)
    Create a notification for this product.
    Weintek cMT-CTRL01 Affected: unspecified , < 20210302 (custom)
    Create a notification for this product.
    Date Public
    2021-03-23 00:00
    Credits
    Marcin Dudek from CERT.PL reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:48:17.213Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-27444",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:54:59.080295Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:21:25.289Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "cMT-SVR-1xx/2xx",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210305",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G01/G02",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210209",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G03/G04",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210222",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210218",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-HDM",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210204",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-FHD",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210208",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-CTRL01",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210302",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2021-03-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-16T17:15:15.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Weintek EasyWeb cMT Improper Access Control",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-03-23T17:00:00.000Z",
              "ID": "CVE-2021-27444",
              "STATE": "PUBLIC",
              "TITLE": "Weintek EasyWeb cMT Improper Access Control"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "cMT-SVR-1xx/2xx",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210305"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G01/G02",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210209"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G03/G04",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210222"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210218"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-HDM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210204"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-FHD",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210208"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-CTRL01",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210302"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Weintek"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284: Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
                },
                {
                  "name": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27444",
        "datePublished": "2022-05-16T17:15:15.597Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:21:25.289Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27442 (GCVE-0-2021-27442)

    Vulnerability from nvd – Published: 2022-05-16 17:13 – Updated: 2025-04-16 16:21
    VLAI
    Title
    Weintek EasyWeb cMT Cross-site Scripting
    Summary
    The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    Weintek cMT-SVR-1xx/2xx Affected: unspecified , < 20210305 (custom)
    Create a notification for this product.
    Weintek cMT-G01/G02 Affected: unspecified , < 20210209 (custom)
    Create a notification for this product.
    Weintek cMT-G03/G04 Affected: unspecified , < 20210222 (custom)
    Create a notification for this product.
    Weintek cMT3071/cMT3072/cMT3090/cMT3103/cMT3151 Affected: unspecified , < 20210218 (custom)
    Create a notification for this product.
    Weintek cMT-HDM Affected: unspecified , < 20210204 (custom)
    Create a notification for this product.
    Weintek cMT-FHD Affected: unspecified , < 20210208 (custom)
    Create a notification for this product.
    Weintek cMT-CTRL01 Affected: unspecified , < 20210302 (custom)
    Create a notification for this product.
    Date Public
    2021-03-23 00:00
    Credits
    Marcin Dudek from CERT.PL reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:48:17.243Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-27442",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:55:04.749781Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:21:32.645Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "cMT-SVR-1xx/2xx",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210305",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G01/G02",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210209",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G03/G04",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210222",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210218",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-HDM",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210204",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-FHD",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210208",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-CTRL01",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210302",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2021-03-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Cross-site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-16T17:13:17.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Weintek EasyWeb cMT Cross-site Scripting",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-03-23T17:00:00.000Z",
              "ID": "CVE-2021-27442",
              "STATE": "PUBLIC",
              "TITLE": "Weintek EasyWeb cMT Cross-site Scripting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "cMT-SVR-1xx/2xx",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210305"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G01/G02",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210209"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G03/G04",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210222"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210218"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-HDM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210204"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-FHD",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210208"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-CTRL01",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210302"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Weintek"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79: Cross-site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
                },
                {
                  "name": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27442",
        "datePublished": "2022-05-16T17:13:17.743Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:21:32.645Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-43492 (GCVE-0-2023-43492)

    Vulnerability from cvelistv5 – Published: 2023-10-19 19:28 – Updated: 2025-01-16 21:28
    VLAI
    Title
    Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow
    Summary
    In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Weintek cMT-FHD Affected: 0 , ≤ 20210210 (custom)
    Create a notification for this product.
    Weintek cMT-HDM Affected: 0 , ≤ 20210204 (custom)
    Create a notification for this product.
    Weintek cMT3071 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Weintek cMT3072 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Weintek cMT3103 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Weintek cMT3090 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Weintek cMT3151 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Date Public
    2023-10-12 17:00
    Credits
    Hank Chen (PSIRT and Threat Research of TXOne Networks) reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:44:43.206Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43492",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T21:22:40.211272Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:28:29.900Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "cMT-FHD",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210210 ",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT-HDM",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210204 ",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3071",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3072",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3103",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3090",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3151",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Hank Chen (PSIRT and Threat Research of TXOne Networks) reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2023-10-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Weintek\u0027s cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e"
                }
              ],
              "value": "\n\n\n\n\n\n\n\n\nIn Weintek\u0027s cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-19T19:28:59.236Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12"
            },
            {
              "url": "https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\n\n\n\n\u003cp\u003eWeintek recommends users follow their \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/public/Document/UM0/UM018010E_cMT_Series_OS_Update_Instructions_eng.pdf\"\u003eUpgrade Instructions\u003c/a\u003e\u0026nbsp;to update the following products to the latest versions:\u003c/p\u003e\u003cul\u003e\u003cli\u003ecMT-FHD: OS version 20210211\u003c/li\u003e\u003cli\u003ecMT-HDM: OS version 20210205\u003c/li\u003e\u003cli\u003ecMT3071: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3072: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3103: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3090: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3151: OS version 20210219\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor additional information, refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf\"\u003eWeintek\u0027s security bulletin\u003c/a\u003e.\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "\n\n\n\n\nWeintek recommends users follow their  Upgrade Instructions https://dl.weintek.com/public/Document/UM0/UM018010E_cMT_Series_OS_Update_Instructions_eng.pdf \u00a0to update the following products to the latest versions:\n\n  *  cMT-FHD: OS version 20210211\n  *  cMT-HDM: OS version 20210205\n  *  cMT3071: OS version 20210219\n  *  cMT3072: OS version 20210219\n  *  cMT3103: OS version 20210219\n  *  cMT3090: OS version 20210219\n  *  cMT3151: OS version 20210219\n\n\nFor additional information, refer to  Weintek\u0027s security bulletin https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf .\n\n\n\n\n\n\n\n\n"
            }
          ],
          "source": {
            "advisory": "ICSMA-23-285-12",
            "discovery": "EXTERNAL"
          },
          "title": "Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-43492",
        "datePublished": "2023-10-19T19:28:59.236Z",
        "dateReserved": "2023-09-20T14:26:47.014Z",
        "dateUpdated": "2025-01-16T21:28:29.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40145 (GCVE-0-2023-40145)

    Vulnerability from cvelistv5 – Published: 2023-10-19 19:26 – Updated: 2025-01-16 21:28
    VLAI
    Title
    Weintek cMT3000 HMI Web CGI OS Command Injection
    Summary
    In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - OS Command Injection
    Assigner
    Impacted products
    Vendor Product Version
    Weintek cMT-FHD Affected: 0 , ≤ 20210210 (custom)
    Create a notification for this product.
    Weintek cMT-HDM Affected: 0 , ≤ 20210204 (custom)
    Create a notification for this product.
    Weintek cMT3071 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Weintek cMT3072 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Weintek cMT3103 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Weintek cMT3090 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Weintek cMT3151 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Date Public
    2023-10-12 17:00
    Credits
    Hank Chen (PSIRT and Threat Research of TXOne Networks) reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:24:55.542Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40145",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T21:20:09.729366Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:28:39.035Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "cMT-FHD",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210210 ",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT-HDM",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210204 ",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3071",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3072",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3103",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3090",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3151",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Hank Chen (PSIRT and Threat Research of TXOne Networks) reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2023-10-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Weintek\u0027s cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e"
                }
              ],
              "value": "\n\n\n\n\n\n\n\n\nIn Weintek\u0027s cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.\n\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 OS Command Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-19T19:26:20.948Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12"
            },
            {
              "url": "https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\n\n\n\n\u003cp\u003eWeintek recommends users follow their \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/public/Document/UM0/UM018010E_cMT_Series_OS_Update_Instructions_eng.pdf\"\u003eUpgrade Instructions\u003c/a\u003e\u0026nbsp;to update the following products to the latest versions:\u003c/p\u003e\u003cul\u003e\u003cli\u003ecMT-FHD: OS version 20210211\u003c/li\u003e\u003cli\u003ecMT-HDM: OS version 20210205\u003c/li\u003e\u003cli\u003ecMT3071: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3072: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3103: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3090: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3151: OS version 20210219\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor additional information, refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf\"\u003eWeintek\u0027s security bulletin\u003c/a\u003e.\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "\n\n\n\n\nWeintek recommends users follow their  Upgrade Instructions https://dl.weintek.com/public/Document/UM0/UM018010E_cMT_Series_OS_Update_Instructions_eng.pdf \u00a0to update the following products to the latest versions:\n\n  *  cMT-FHD: OS version 20210211\n  *  cMT-HDM: OS version 20210205\n  *  cMT3071: OS version 20210219\n  *  cMT3072: OS version 20210219\n  *  cMT3103: OS version 20210219\n  *  cMT3090: OS version 20210219\n  *  cMT3151: OS version 20210219\n\n\nFor additional information, refer to  Weintek\u0027s security bulletin https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf .\n\n\n\n\n\n\n\n\n"
            }
          ],
          "source": {
            "advisory": "ICSMA-23-285-12",
            "discovery": "EXTERNAL"
          },
          "title": "Weintek cMT3000 HMI Web CGI OS Command Injection",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-40145",
        "datePublished": "2023-10-19T19:26:20.948Z",
        "dateReserved": "2023-09-20T14:26:47.028Z",
        "dateUpdated": "2025-01-16T21:28:39.035Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38584 (GCVE-0-2023-38584)

    Vulnerability from cvelistv5 – Published: 2023-10-19 19:20 – Updated: 2025-01-16 21:28
    VLAI
    Title
    Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow
    Summary
    In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Weintek cMT-FHD Affected: 0 , ≤ 20210210 (custom)
    Create a notification for this product.
    Weintek cMT-HDM Affected: 0 , ≤ 20210204 (custom)
    Create a notification for this product.
    Weintek cMT3071 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Weintek cMT3072 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Weintek cMT3103 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Weintek cMT3090 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Weintek cMT3151 Affected: 0 , ≤ 20210218 (custom)
    Create a notification for this product.
    Date Public
    2023-10-12 17:00
    Credits
    Hank Chen (PSIRT and Threat Research of TXOne Networks) reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:46:56.458Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38584",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-16T21:22:44.800664Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-16T21:28:46.086Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "cMT-FHD",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210210 ",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT-HDM",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210204 ",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3071",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3072",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3103",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3090",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3151",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThanOrEqual": "20210218",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Hank Chen (PSIRT and Threat Research of TXOne Networks) reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2023-10-12T17:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Weintek\u0027s cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.\u003c/span\u003e\n\n\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e"
                }
              ],
              "value": "\n\n\n\n\n\n\nIn Weintek\u0027s cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-19T19:20:20.059Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12"
            },
            {
              "url": "https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\n\n\n\n\u003cp\u003eWeintek recommends users follow their \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/public/Document/UM0/UM018010E_cMT_Series_OS_Update_Instructions_eng.pdf\"\u003eUpgrade Instructions\u003c/a\u003e\u0026nbsp;to update the following products to the latest versions:\u003c/p\u003e\u003cul\u003e\u003cli\u003ecMT-FHD: OS version 20210211\u003c/li\u003e\u003cli\u003ecMT-HDM: OS version 20210205\u003c/li\u003e\u003cli\u003ecMT3071: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3072: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3103: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3090: OS version 20210219\u003c/li\u003e\u003cli\u003ecMT3151: OS version 20210219\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eFor additional information, refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf\"\u003eWeintek\u0027s security bulletin\u003c/a\u003e.\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
                }
              ],
              "value": "\n\n\n\n\nWeintek recommends users follow their  Upgrade Instructions https://dl.weintek.com/public/Document/UM0/UM018010E_cMT_Series_OS_Update_Instructions_eng.pdf \u00a0to update the following products to the latest versions:\n\n  *  cMT-FHD: OS version 20210211\n  *  cMT-HDM: OS version 20210205\n  *  cMT3071: OS version 20210219\n  *  cMT3072: OS version 20210219\n  *  cMT3103: OS version 20210219\n  *  cMT3090: OS version 20210219\n  *  cMT3151: OS version 20210219\n\n\nFor additional information, refer to  Weintek\u0027s security bulletin https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf .\n\n\n\n\n\n\n\n\n"
            }
          ],
          "source": {
            "advisory": "ICSMA-23-285-12",
            "discovery": "EXTERNAL"
          },
          "title": "Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2023-38584",
        "datePublished": "2023-10-19T19:20:20.059Z",
        "dateReserved": "2023-09-20T14:26:47.021Z",
        "dateUpdated": "2025-01-16T21:28:46.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27446 (GCVE-0-2021-27446)

    Vulnerability from cvelistv5 – Published: 2022-05-16 17:15 – Updated: 2025-04-16 16:21
    VLAI
    Title
    Weintek EasyWeb cMT Code Injection
    Summary
    The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Weintek cMT-SVR-1xx/2xx Affected: unspecified , < 20210305 (custom)
    Create a notification for this product.
    Weintek cMT-G01/G02 Affected: unspecified , < 20210209 (custom)
    Create a notification for this product.
    Weintek cMT-G03/G04 Affected: unspecified , < 20210222 (custom)
    Create a notification for this product.
    Weintek cMT3071/cMT3072/cMT3090/cMT3103/cMT3151 Affected: unspecified , < 20210218 (custom)
    Create a notification for this product.
    Weintek cMT-HDM Affected: unspecified , < 20210204 (custom)
    Create a notification for this product.
    Weintek cMT-FHD Affected: unspecified , < 20210208 (custom)
    Create a notification for this product.
    Weintek cMT-CTRL01 Affected: unspecified , < 20210302 (custom)
    Create a notification for this product.
    Date Public
    2021-03-23 00:00
    Credits
    Marcin Dudek from CERT.PL reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:48:17.200Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-27446",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:54:54.929455Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:21:16.549Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "cMT-SVR-1xx/2xx",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210305",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G01/G02",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210209",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G03/G04",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210222",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210218",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-HDM",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210204",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-FHD",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210208",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-CTRL01",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210302",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2021-03-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94: Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-16T17:15:44.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Weintek EasyWeb cMT Code Injection",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-03-23T17:00:00.000Z",
              "ID": "CVE-2021-27446",
              "STATE": "PUBLIC",
              "TITLE": "Weintek EasyWeb cMT Code Injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "cMT-SVR-1xx/2xx",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210305"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G01/G02",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210209"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G03/G04",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210222"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210218"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-HDM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210204"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-FHD",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210208"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-CTRL01",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210302"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Weintek"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-94: Code Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
                },
                {
                  "name": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27446",
        "datePublished": "2022-05-16T17:15:44.847Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:21:16.549Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27444 (GCVE-0-2021-27444)

    Vulnerability from cvelistv5 – Published: 2022-05-16 17:15 – Updated: 2025-04-16 16:21
    VLAI
    Title
    Weintek EasyWeb cMT Improper Access Control
    Summary
    The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Weintek cMT-SVR-1xx/2xx Affected: unspecified , < 20210305 (custom)
    Create a notification for this product.
    Weintek cMT-G01/G02 Affected: unspecified , < 20210209 (custom)
    Create a notification for this product.
    Weintek cMT-G03/G04 Affected: unspecified , < 20210222 (custom)
    Create a notification for this product.
    Weintek cMT3071/cMT3072/cMT3090/cMT3103/cMT3151 Affected: unspecified , < 20210218 (custom)
    Create a notification for this product.
    Weintek cMT-HDM Affected: unspecified , < 20210204 (custom)
    Create a notification for this product.
    Weintek cMT-FHD Affected: unspecified , < 20210208 (custom)
    Create a notification for this product.
    Weintek cMT-CTRL01 Affected: unspecified , < 20210302 (custom)
    Create a notification for this product.
    Date Public
    2021-03-23 00:00
    Credits
    Marcin Dudek from CERT.PL reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:48:17.213Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-27444",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:54:59.080295Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:21:25.289Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "cMT-SVR-1xx/2xx",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210305",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G01/G02",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210209",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G03/G04",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210222",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210218",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-HDM",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210204",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-FHD",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210208",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-CTRL01",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210302",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2021-03-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-16T17:15:15.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Weintek EasyWeb cMT Improper Access Control",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-03-23T17:00:00.000Z",
              "ID": "CVE-2021-27444",
              "STATE": "PUBLIC",
              "TITLE": "Weintek EasyWeb cMT Improper Access Control"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "cMT-SVR-1xx/2xx",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210305"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G01/G02",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210209"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G03/G04",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210222"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210218"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-HDM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210204"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-FHD",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210208"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-CTRL01",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210302"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Weintek"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284: Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
                },
                {
                  "name": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27444",
        "datePublished": "2022-05-16T17:15:15.597Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:21:25.289Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27442 (GCVE-0-2021-27442)

    Vulnerability from cvelistv5 – Published: 2022-05-16 17:13 – Updated: 2025-04-16 16:21
    VLAI
    Title
    Weintek EasyWeb cMT Cross-site Scripting
    Summary
    The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    Weintek cMT-SVR-1xx/2xx Affected: unspecified , < 20210305 (custom)
    Create a notification for this product.
    Weintek cMT-G01/G02 Affected: unspecified , < 20210209 (custom)
    Create a notification for this product.
    Weintek cMT-G03/G04 Affected: unspecified , < 20210222 (custom)
    Create a notification for this product.
    Weintek cMT3071/cMT3072/cMT3090/cMT3103/cMT3151 Affected: unspecified , < 20210218 (custom)
    Create a notification for this product.
    Weintek cMT-HDM Affected: unspecified , < 20210204 (custom)
    Create a notification for this product.
    Weintek cMT-FHD Affected: unspecified , < 20210208 (custom)
    Create a notification for this product.
    Weintek cMT-CTRL01 Affected: unspecified , < 20210302 (custom)
    Create a notification for this product.
    Date Public
    2021-03-23 00:00
    Credits
    Marcin Dudek from CERT.PL reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:48:17.243Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-27442",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:55:04.749781Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:21:32.645Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "cMT-SVR-1xx/2xx",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210305",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G01/G02",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210209",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G03/G04",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210222",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210218",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-HDM",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210204",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-FHD",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210208",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-CTRL01",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210302",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2021-03-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Cross-site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-16T17:13:17.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Weintek EasyWeb cMT Cross-site Scripting",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-03-23T17:00:00.000Z",
              "ID": "CVE-2021-27442",
              "STATE": "PUBLIC",
              "TITLE": "Weintek EasyWeb cMT Cross-site Scripting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "cMT-SVR-1xx/2xx",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210305"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G01/G02",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210209"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G03/G04",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210222"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210218"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-HDM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210204"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-FHD",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210208"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-CTRL01",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210302"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Weintek"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79: Cross-site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
                },
                {
                  "name": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27442",
        "datePublished": "2022-05-16T17:13:17.743Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:21:32.645Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }