ICSA-23-285-12  ·  Published 2023-10-12

Weintek cMT3000 HMI Web CGI

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to hijack control flow and bypass login authentication or execute arbitrary commands.

Remediations

Weintek recommends users follow their Upgrade Instructions to update the following products to the latest versions:

  • cMT-FHD: OS version 20210211
  • cMT-HDM: OS version 20210205
  • cMT3071: OS version 20210219
  • cMT3072: OS version 20210219
  • cMT3103: OS version 20210219
  • cMT3090: OS version 20210219
  • cMT3151: OS version 20210219

For additional information, refer to Weintek's security bulletin.

Affected Vendors

Weintek

Affected Products (7)

Weintek · cMT-FHD <=20210210
Weintek · cMT-HDM <=20210204
Weintek · cMT3071 <=20210218
Weintek · cMT3072 <=20210218
Weintek · cMT3103 <=20210218
Weintek · cMT3090 <=20210218
Weintek · cMT3151 <=20210218

Affected Sectors

Critical Manufacturing
