CVE-2023-37362

Summary

Weintek Weincloud v0.13.6

could allow an attacker to abuse the registration functionality to login with testing credentials to the official website.

Affected Software

VendorProductVersion RangeStatus
WeintekWeincloud0 <= 0.13.6affected

Weaknesses

  • CWE-522: CWE-522 Insufficiently Protected Credentials

Workarounds

​Additional mitigations are recommended to help reduce risk:

  • ​Log in on trusted computers if possible. Log out after usage on un-trusted ones.
  • ​On the HMIs, if the online services are not used, set to offline mode for EasyAccess 2.0 or Dashboard services using system reserved addresses.
  • ​Regularly change passwords to reduce risks.
  • ​Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible- only applicable devices and/or systems have access to the internet.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References