Weintek EasyBuilder Pro reports critical vulnerability
Take action: If you are using Weintek EasyBuilder Pro, be aware of this vulnerability. There is no need to rush an immediate patch, since the issue is connected to a crash report. First make sure your EasyBuilder Pro is isolated from internet access and used only through secure access. Then plan a systematic patch.
Weintek's EasyBuilder Pro software has a critical vulnerability tracked as CVE-2023-5777 (CVSS3 score 9.8).
EasyBuilder Pro is a software program developed by Weintek that is used for creating graphical user interfaces (GUIs) for human-machine interfaces (HMIs). These HMIs typically provide a control and visualization interface between a human (the operator) and a machine or process.
EasyBuilder Pro supports communication with a multitude of PLCs and other devices through various protocols, facilitating integration into diverse industrial environments.
The vulnerability involves credentials built into the software. Although the private key is deleted after a crash report is transmitted, the private key is publicly exposed, which could result in unauthorized access to the crash report server.
Should this security flaw be leveraged, perpetrators could potentially gain unauthorized remote access to a user's system with elevated rights.
To mitigate this issue, Weintek has suggested users: