CVE-2023-40145

Weintek cMT3000 HMI Web CGI OS Command Injection

Description

In the Web CGI of Weintek's cMT3000 HMI, an anonymous attacker can execute arbitrary commands after logging in to the device.

Remediation

Solution:

  • Weintek recommends users follow their Upgrade Instructions https://dl.weintek.com/public/Document/UM0/UM018010E_cMT_Series_OS_Update_Instructions_eng.pdf to update the following products to the latest versions:
      * cMT-FHD: OS version 20210211
      * cMT-HDM: OS version 20210205
      * cMT3071: OS version 20210219
      * cMT3072: OS version 20210219
      * cMT3103: OS version 20210219
      * cMT3090: OS version 20210219
      * cMT3151: OS version 20210219
  • For additional information, refer to Weintek's security bulletin https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf .

Category

CVSS 3.1: 8.8
Severity: High
EPSS 0.41%
Vendor Advisory weintek.com
Affected: Weintek cMT-FHD
Affected: Weintek cMT-HDM
Affected: Weintek cMT3071
Affected: Weintek cMT3072
Affected: Weintek cMT3103
Affected: Weintek cMT3090
Affected: Weintek cMT3151
Published at:
Updated at:

Frequently Asked Questions

What is the severity of CVE-2023-40145?
CVE-2023-40145 has been scored as a high severity vulnerability.
How to fix CVE-2023-40145?
To fix CVE-2023-40145: Weintek recommends users follow their Upgrade Instructions https://dl.weintek.com/public/Document/UM0/UM018010E_cMT_Series_OS_Update_Instructions_eng.pdf to update the following products to the latest versions:
  * cMT-FHD: OS version 20210211
  * cMT-HDM: OS version 20210205
  * cMT3071: OS version 20210219
  * cMT3072: OS version 20210219
  * cMT3103: OS version 20210219
  * cMT3090: OS version 20210219
  * cMT3151: OS version 20210219
For additional information, refer to Weintek's security bulletin https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf .
Is CVE-2023-40145 being actively exploited in the wild?
As of now, there is no information to confirm that CVE-2023-40145 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-40145?
CVE-2023-40145 affects Weintek cMT-FHD, Weintek cMT-HDM, Weintek cMT3071, Weintek cMT3072, Weintek cMT3103, Weintek cMT3090, Weintek cMT3151.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.