OTPulse
FeedAboutContact

Weintek EasyBuilder Pro

Act Now9.8ICS-CERT ICSA-23-306-05Nov 2, 2023
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

This vulnerability allows remote unauthenticated execution of arbitrary commands on computers running EasyBuilder Pro with the privileges of the logged-in user. Successful exploitation could allow an attacker to obtain remote control of an engineering workstation as a privileged user. The vulnerability stems from hardcoded credentials (CWE-798) in the application.

What this means
What could happen
An attacker could execute commands on an engineering workstation running EasyBuilder Pro with elevated privileges, potentially compromising HMI projects, stealing configuration data, or altering process logic before deployment to field devices.
Who's at risk
HMI and process automation engineers using Weintek EasyBuilder Pro to design and test human-machine interface projects. This affects water utilities, electric utilities, and any facility running Weintek-based control systems where engineering workstations are networked.
How it could be exploited
An attacker on the network sends a malicious request to EasyBuilder Pro (port likely HTTP/HTTPS) that exploits hardcoded or default credentials embedded in the application. No user interaction or authentication is required. Once connected, the attacker can run arbitrary commands as the logged-in user.
Prerequisites
  • Network access to the engineering workstation running EasyBuilder Pro
  • Vulnerable version of EasyBuilder Pro running and accessible on the network
  • No firewall rules blocking access to EasyBuilder Pro port
remotely exploitableno authentication requiredlow complexityhigh CVSS score (9.8)affects engineering/development systems that control plant operations
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (3)
3 with fix
ProductAffected VersionsFix Status
EasyBuilder Pro: <6.07.02<6.07.026.08.01.614
EasyBuilder Pro: <=6.08.01.592≤ 6.08.01.5926.08.01.614
EasyBuilder Pro: <=6.08.02.470≤ 6.08.02.4706.08.01.614
Remediation & Mitigation
0/5
Do now
0/1
WORKAROUNDRestrict network access to EasyBuilder Pro workstations using firewall rules; only allow access from authorized engineering networks
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate EasyBuilder Pro to version 6.08.01.614 or later
HOTFIXUpdate EasyBuilder Pro to version 6.08.02.500 or later
Long-term hardening
0/2
HARDENINGIsolate HMI engineering networks from business networks and the internet using network segmentation
HARDENINGUse VPN with multi-factor authentication for any remote access to engineering workstations
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/2a59edec-3309-43e3-8e22-909d4ad13535
Weintek EasyBuilder Pro | CVSS 9.8 - OTPulse