Search criteria
2 vulnerabilities found for EasyBuilder Pro by Weintek
CVE-2023-5777 (GCVE-0-2023-5777)
Vulnerability from cvelistv5 – Published: 2023-11-06 19:26 – Updated: 2025-01-16 21:26
VLAI?
Title
Weintek EasyBuilder Pro Use of Hard-coded Credentials
Summary
Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server.
Severity ?
9.8 (Critical)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Weintek | EasyBuilder Pro |
Affected:
0 , < v6.07.02
(custom)
Affected: 0 , ≤ 6.08.01.592 (custom) Affected: 0 , ≤ 6.08.02.470 (custom) |
Credits
Hank Chen (PSIRT and Threat Research of TXOne Networks) reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-05"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5777",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:22:21.675124Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:26:49.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EasyBuilder Pro",
"vendor": "Weintek",
"versions": [
{
"lessThan": "v6.07.02",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.08.01.592",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.08.02.470",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Hank Chen (PSIRT and Threat Research of TXOne Networks) reported this vulnerability to CISA."
}
],
"datePublic": "2023-11-02T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWeintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server.\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
}
],
"value": "\n\n\nWeintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server.\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-06T19:26:09.044Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-05"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eWeintek recommends users apply the following mitigations:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUpdate EasyBuilder Pro to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.weintek.com/globalw/Download/Download.aspx\"\u003ev6.08.01.614\u003c/a\u003e\u003c/li\u003e\u003cli\u003eUpdate EasyBuilder Pro to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.weintek.com/globalw/Download/Download.aspx\"\u003ev6.08.02.500\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\n\n\n\n\nWeintek recommends users apply the following mitigations:\n\n * Update EasyBuilder Pro to v6.08.01.614 https://www.weintek.com/globalw/Download/Download.aspx \n * Update EasyBuilder Pro to v6.08.02.500 https://www.weintek.com/globalw/Download/Download.aspx \n\n\n\n\n\n\n\n\n\n"
}
],
"source": {
"advisory": "ICSA-23-306-05",
"discovery": "EXTERNAL"
},
"title": "Weintek EasyBuilder Pro Use of Hard-coded Credentials",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-5777",
"datePublished": "2023-11-06T19:26:09.044Z",
"dateReserved": "2023-10-25T22:32:36.999Z",
"dateUpdated": "2025-01-16T21:26:49.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5777 (GCVE-0-2023-5777)
Vulnerability from nvd – Published: 2023-11-06 19:26 – Updated: 2025-01-16 21:26
VLAI?
Title
Weintek EasyBuilder Pro Use of Hard-coded Credentials
Summary
Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server.
Severity ?
9.8 (Critical)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Weintek | EasyBuilder Pro |
Affected:
0 , < v6.07.02
(custom)
Affected: 0 , ≤ 6.08.01.592 (custom) Affected: 0 , ≤ 6.08.02.470 (custom) |
Credits
Hank Chen (PSIRT and Threat Research of TXOne Networks) reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-05"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5777",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:22:21.675124Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:26:49.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EasyBuilder Pro",
"vendor": "Weintek",
"versions": [
{
"lessThan": "v6.07.02",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.08.01.592",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.08.02.470",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Hank Chen (PSIRT and Threat Research of TXOne Networks) reported this vulnerability to CISA."
}
],
"datePublic": "2023-11-02T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWeintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server.\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
}
],
"value": "\n\n\nWeintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server.\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-06T19:26:09.044Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-05"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eWeintek recommends users apply the following mitigations:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUpdate EasyBuilder Pro to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.weintek.com/globalw/Download/Download.aspx\"\u003ev6.08.01.614\u003c/a\u003e\u003c/li\u003e\u003cli\u003eUpdate EasyBuilder Pro to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.weintek.com/globalw/Download/Download.aspx\"\u003ev6.08.02.500\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\n\n\u003cp\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\n\n\n\n\nWeintek recommends users apply the following mitigations:\n\n * Update EasyBuilder Pro to v6.08.01.614 https://www.weintek.com/globalw/Download/Download.aspx \n * Update EasyBuilder Pro to v6.08.02.500 https://www.weintek.com/globalw/Download/Download.aspx \n\n\n\n\n\n\n\n\n\n"
}
],
"source": {
"advisory": "ICSA-23-306-05",
"discovery": "EXTERNAL"
},
"title": "Weintek EasyBuilder Pro Use of Hard-coded Credentials",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-5777",
"datePublished": "2023-11-06T19:26:09.044Z",
"dateReserved": "2023-10-25T22:32:36.999Z",
"dateUpdated": "2025-01-16T21:26:49.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}