CVE-2023-43492

Public Exploit
Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow

Description

In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.

Remediation

Solution:

  • Weintek recommends users follow their Upgrade Instructions https://dl.weintek.com/public/Document/UM0/UM018010E_cMT_Series_OS_Update_Instructions_eng.pdf  to update the following products to the latest versions: * cMT-FHD: OS version 20210211 * cMT-HDM: OS version 20210205 * cMT3071: OS version 20210219 * cMT3072: OS version 20210219 * cMT3103: OS version 20210219 * cMT3090: OS version 20210219 * cMT3151: OS version 20210219 For additional information, refer to Weintek's security bulletin https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf .

Categories

9.8
CVSS
Severity: Critical
CVSS 3.1 •
EPSS 0.08%
Vendor Advisory weintek.com
Affected: Weintek cMT-FHD
Affected: Weintek cMT-HDM
Affected: Weintek cMT3071
Affected: Weintek cMT3072
Affected: Weintek cMT3103
Affected: Weintek cMT3090
Affected: Weintek cMT3151
Published at:
Updated at:

References

Link Tags
https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12 third party advisory us government resource
https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf vendor advisory exploit

Frequently Asked Questions

What is the severity of CVE-2023-43492?
CVE-2023-43492 has been scored as a critical severity vulnerability.
How to fix CVE-2023-43492?
To fix CVE-2023-43492: Weintek recommends users follow their Upgrade Instructions https://dl.weintek.com/public/Document/UM0/UM018010E_cMT_Series_OS_Update_Instructions_eng.pdf  to update the following products to the latest versions: * cMT-FHD: OS version 20210211 * cMT-HDM: OS version 20210205 * cMT3071: OS version 20210219 * cMT3072: OS version 20210219 * cMT3103: OS version 20210219 * cMT3090: OS version 20210219 * cMT3151: OS version 20210219 For additional information, refer to Weintek's security bulletin https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf .
Is CVE-2023-43492 being actively exploited in the wild?
It is possible that CVE-2023-43492 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-43492?
CVE-2023-43492 affects Weintek cMT-FHD, Weintek cMT-HDM, Weintek cMT3071, Weintek cMT3072, Weintek cMT3103, Weintek cMT3090, Weintek cMT3151.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.