CVE-2023-34429

Summary

Weintek Weincloud v0.13.6

could allow an attacker to cause a denial-of-service condition for Weincloud by sending a forged JWT token.

Affected Software

VendorProductVersion RangeStatus
WeintekWeincloud0 <= 0.13.6affected

Weaknesses

  • CWE-237: CWE-237 Improper Handling of Structural Elements

Workarounds

Additional mitigations are recommended to help reduce risk:

  • ​Log in on trusted computers if possible. Log out after usage on un-trusted ones.
  • ​On the HMIs, if the online services are not used, set to offline mode for EasyAccess 2.0 or Dashboard services using system reserved addresses.
  • ​Regularly change passwords to reduce risks.
  • ​Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible- only applicable devices and/or systems have access to the internet.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References