CVE-2023-0104

9.3 CRITICAL

📋 TL;DR

This vulnerability in Weintek EasyBuilder Pro allows attackers to execute arbitrary code or access sensitive data by tricking users into opening malicious project files. A ZipSlip path traversal occurs while a project file is decompiled: archive entry names containing traversal sequences are written outside the intended extraction directory, so arbitrary files can be overwritten. Users of vulnerable versions are at risk.
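A defensive check for the ZipSlip class of bug described above, added here as an example (not Weintek's code; the sample archive is constructed and is not a real EasyBuilder project file): every archive entry's final path is resolved and required to stay under the destination directory before anything is written, and rejected entries are reported so they can be logged.

```python
import io
import tempfile
import zipfile
from pathlib import Path, PurePosixPath

def is_within(base: Path, target: Path) -> bool:
    """True when the fully resolved target lies under the resolved base."""
    try:
        target.resolve().relative_to(base.resolve())
        return True
    except ValueError:
        return False

def safe_extract(archive: bytes, dest: str) -> dict:
    """Extract a zip into dest, skipping entries whose resolved path escapes dest."""
    dest_path = Path(dest)
    dest_path.mkdir(parents=True, exist_ok=True)
    result = {"extracted": [], "rejected": []}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            name = info.filename
            target = dest_path / name
            # Absolute names replace dest on join; '..' is caught by resolve-and-compare.
            if (PurePosixPath(name).is_absolute() or Path(name).drive
                    or not is_within(dest_path, target)):
                result["rejected"].append(name)
                continue
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
            else:
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(zf.read(info))
            result["extracted"].append(name)
    return result

def build_sample_archive() -> bytes:
    """Constructed sample: one benign entry plus three entries that escape dest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("project/screen1.xml", "<screen/>")
        zf.writestr("../../outside.txt", "escapes via ..")
        zf.writestr("project/../../escape.txt", "escapes after a benign prefix")
        zf.writestr("/tmp/absolute.txt", "absolute path")
    return buf.getvalue()

def run_demo() -> dict:
    # Extract the constructed sample into a fresh temp dir and return the audit dict.
    dest = tempfile.mkdtemp()
    result = safe_extract(build_sample_archive(), dest)
    result["benign_present"] = (Path(dest) / "project" / "screen1.xml").exists()
    return result
```

The same resolve-then-compare check applies to any archive format a decompiler unpacks; note that it does not protect against symlinks created by earlier entries, which need a separate check.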

💻 Affected Systems

Products:
  • Weintek EasyBuilder Pro
Versions: Versions prior to v6.08.02
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires user interaction to open malicious project files.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise allowing attacker to install malware, steal credentials, or pivot to other systems.

🟠 Likely Case

Local file system compromise leading to data theft or privilege escalation on the affected machine.

🟢 If Mitigated

Limited impact with proper file integrity monitoring and user awareness preventing malicious file execution.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires social engineering to deliver malicious project file.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v6.08.02

Vendor Advisory: https://www.cisa.gov/uscert/ics/advisories/icsa-23-045-01

Restart Required: Yes

Instructions:

1. Download v6.08.02 from the official Weintek website.
2. Back up existing projects.
3. Run the installer with administrative privileges.
4. Restart the system after installation.

🔧 Temporary Workarounds

Restrict Project File Sources

Platform: Windows

Only open project files from trusted sources and implement file validation.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized executables.
  • Use least privilege accounts and restrict file system write permissions.

🔍 How to Verify

Check if Vulnerable:

Check EasyBuilder Pro version in Help > About menu.

Check Version:

Not applicable - check via application GUI.

Verify Fix Applied:

Confirm version is v6.08.02 or later in Help > About menu.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file write operations outside project directories
  • Multiple failed file access attempts

Network Indicators:

  • Unexpected outbound connections after project file opening

SIEM Query:

EventID=4663 AND ObjectName LIKE '%..%' AND ProcessName='EasyBuilderPro.exe'

🔗 References
