Main Vulnerability Database SB2023110311

SB2023110311 - Use of hard-coded credentials in Weintek EasyBuilder Pro

Published: November 3, 2023

Security Bulletin ID SB2023110311

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Use of hard-coded credentials (CVE-ID: CVE-2023-5777)

The vulnerability allows a remote attacker to gain full access to vulnerable system.

The vulnerability exists due to even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public. A remote unauthenticated attacker can access the affected system using the hard-coded credentials.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-306-05