CVE-2023-0104 (GCVE-0-2023-0104)

Vulnerability from cvelistv5 – Published: 2023-02-22 20:25 – Updated: 2025-01-16 21:55
VLAI?
Summary
The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user’s computer or gain access to sensitive data.  
Severity ?
9.3 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H
CWE
  • CWE-29 - Path Traversal: '\..\filename'
Assigner
References
Impacted products
Vendor Product Version
Weintek EasyBuilder Pro cMT Affected: 0 , ≤ 6.07.01 (custom)
Affected: 0 , ≤ 6.07.02.479 (custom)
Affected: 0 , ≤ 6.08.01.349 (custom)
Create a notification for this product.
Credits
Hank Chen and Mars Cheng of PSIRT and Threat Research of TXOne Networks reported this vulnerability to CISA. Patrick Kuo of TXOne Networks also contributed to this research.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:02:43.504Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-045-01"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-0104",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-16T20:21:56.130362Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-16T21:55:59.469Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "EasyBuilder Pro cMT ",
          "vendor": "Weintek",
          "versions": [
            {
              "lessThanOrEqual": "6.07.01",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.07.02.479 ",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.08.01.349 ",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Hank Chen and Mars Cheng of PSIRT and Threat Research of TXOne Networks reported this vulnerability to CISA. Patrick Kuo of TXOne Networks also contributed to this research."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003eThe listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user\u2019s computer or gain access to sensitive data. \u0026nbsp; \u003c/p\u003e\u003cbr\u003e\n\n"
            }
          ],
          "value": "\nThe listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user\u2019s computer or gain access to sensitive data. \u00a0 \n\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-29",
              "description": "CWE-29 Path Traversal: \u0027\\..\\filename\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-22T20:25:04.680Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-045-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: var(--wht);\"\u003eWeintek recommends users to implement the following\nmitigation techniques:\u003c/span\u003e\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nUpgrade EasyBuilder Pro to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/EBPro/Installer/EBproV60702480.zip\"\u003ev6.07.02.480\u003c/a\u003e,\n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/EBPro/Installer/EBproV60801350.zip\"\u003ev6.08.01.350\u003c/a\u003e\nor later.\u003c/p\u003e\n\n\u003cp\u003e\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\nUse Decompile only on trusted sources and only when\nneeded.\u003c/p\u003e\n\n\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "Weintek recommends users to implement the following\nmitigation techniques:\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nUpgrade EasyBuilder Pro to  v6.07.02.480 https://dl.weintek.com/EBPro/Installer/EBproV60702480.zip ,\n v6.08.01.350 https://dl.weintek.com/EBPro/Installer/EBproV60801350.zip \nor later.\n\n\n\n\u00b7 \u00a0 \u00a0 \u00a0 \u00a0\nUse Decompile only on trusted sources and only when\nneeded.\n\n\n\n\n\n\n\n\n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2023-0104",
    "datePublished": "2023-02-22T20:25:04.680Z",
    "dateReserved": "2023-01-06T18:50:05.156Z",
    "dateUpdated": "2025-01-16T21:55:59.469Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:weintek:easybuilder_pro:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.07.02.480\", \"matchCriteriaId\": \"CFCF1DCF-C041-4A39-B84B-52D80CBEE863\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:weintek:easybuilder_pro:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.08.01.190\", \"versionEndExcluding\": \"6.08.01.350\", \"matchCriteriaId\": \"AE6E0235-908B-4CA0-8F07-6C0177F5BC93\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"\\nThe listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user\\u2019s computer or gain access to sensitive data. \\u00a0 \\n\\n\\n\\n\\n\"}]",
      "id": "CVE-2023-0104",
      "lastModified": "2024-11-21T07:36:33.640",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H\", \"baseScore\": 9.3, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.8}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
      "published": "2023-02-22T21:15:11.207",
      "references": "[{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-23-045-01\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-23-045-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-29\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-0104\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2023-02-22T21:15:11.207\",\"lastModified\":\"2024-11-21T07:36:33.640\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\nThe listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user\u2019s computer or gain access to sensitive data. \u00a0 \\n\\n\\n\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.8},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-29\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:weintek:easybuilder_pro:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.07.02.480\",\"matchCriteriaId\":\"CFCF1DCF-C041-4A39-B84B-52D80CBEE863\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:weintek:easybuilder_pro:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.08.01.190\",\"versionEndExcluding\":\"6.08.01.350\",\"matchCriteriaId\":\"AE6E0235-908B-4CA0-8F07-6C0177F5BC93\"}]}]}],\"references\":[{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-23-045-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsa-23-045-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-23-045-01\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T05:02:43.504Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-0104\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-16T20:21:56.130362Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-16T20:21:57.437Z\"}}], \"cna\": {\"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Hank Chen and Mars Cheng of PSIRT and Threat Research of TXOne Networks reported this vulnerability to CISA. Patrick Kuo of TXOne Networks also contributed to this research.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Weintek\", \"product\": \"EasyBuilder Pro cMT \", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.07.01\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.07.02.479 \"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"6.08.01.349 \"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Weintek recommends users to implement the following\\nmitigation techniques:\\u00b7 \\u00a0 \\u00a0 \\u00a0 \\u00a0\\nUpgrade EasyBuilder Pro to  v6.07.02.480 https://dl.weintek.com/EBPro/Installer/EBproV60702480.zip ,\\n v6.08.01.350 https://dl.weintek.com/EBPro/Installer/EBproV60801350.zip \\nor later.\\n\\n\\n\\n\\u00b7 \\u00a0 \\u00a0 \\u00a0 \\u00a0\\nUse Decompile only on trusted sources and only when\\nneeded.\\n\\n\\n\\n\\n\\n\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: var(--wht);\\\"\u003eWeintek recommends users to implement the following\\nmitigation techniques:\u003c/span\u003e\u003cp\u003e\\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\\nUpgrade EasyBuilder Pro to \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://dl.weintek.com/EBPro/Installer/EBproV60702480.zip\\\"\u003ev6.07.02.480\u003c/a\u003e,\\n\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://dl.weintek.com/EBPro/Installer/EBproV60801350.zip\\\"\u003ev6.08.01.350\u003c/a\u003e\\nor later.\u003c/p\u003e\\n\\n\u003cp\u003e\\u00b7 \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\\nUse Decompile only on trusted sources and only when\\nneeded.\u003c/p\u003e\\n\\n\\n\\n\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsa-23-045-01\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"\\nThe listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user\\u2019s computer or gain access to sensitive data. \\u00a0 \\n\\n\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\u003cp\u003eThe listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user\\u2019s computer or gain access to sensitive data. \u0026nbsp; \u003c/p\u003e\u003cbr\u003e\\n\\n\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-29\", \"description\": \"CWE-29 Path Traversal: \u0027\\\\..\\\\filename\u0027\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2023-02-22T20:25:04.680Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-0104\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-16T21:55:59.469Z\", \"dateReserved\": \"2023-01-06T18:50:05.156Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2023-02-22T20:25:04.680Z\", \"assignerShortName\": \"icscert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.