All CISA Advisories, EN

Weintek cMT X Series HMI EasyWeb Service

2026-01-22 20:01

Summary

Successful exploitation of these vulnerabilities could allow a low-level user to alter privileges and gain full control to the device.

The following versions of Weintek cMT X Series HMI EasyWeb Service are affected:

cMT3072XH (CVE-2025-14750, CVE-2025-14751)
cMT3072XH(T) (CVE-2025-14750, CVE-2025-14751)
cMT-SVRX-820 (CVE-2025-14750, CVE-2025-14751)
cMT-CTRL01 (CVE-2025-14750, CVE-2025-14751)

CVSS	Vendor	Equipment	Vulnerabilities
v3 8.3	Weintek	Weintek cMT X Series HMI EasyWeb Service	External Control of Assumed-Immutable Web Parameter, Unverified Password Change

Background

Critical Infrastructure Sectors: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Taiwan

Vulnerabilities

CVE-2025-14750

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. A low-privileged user can modify the parameters and potentially manipulate account-level privileges.

View CVE Details

Affected Products

Weintek cMT X Series HMI EasyWeb Service

Vendor:
Weintek

Product Version:
Weintek cMT3072XH: >=20200630|<20241112, Weintek cMT3072XH(T): >=20200630|<20241112, Weintek cMT-SVRX-820: >=20220413|<20240919, Weintek cMT-CTRL01: >=20230308|<20250827

Product Status:
known_affected

Remediations

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from All CISA Advisories

Read the original article:

Weintek cMT X Series HMI EasyWeb Service

Share this:
Facebook
X
LinkedIn
Like this:
Like Loading...

Related

Tags: All CISA Advisories EN

Post navigation

← EVMAPA

Delta Electronics DIAView →

Search for:
Pages

Advertising

Contact

Legal and Contact information

Opt-out preferences

Privacy Policy

Social Media

Apps

Telegram Channel

Recent Posts

Views on AI & the Anthropic Report January 22, 2026

NDSS 2025 – Rethinking Trust In Forge-Based Git Security January 22, 2026

Ring is adding a new content verification feature to videos January 22, 2026

Machine learning–powered Android Trojans bypass script-based Ad Click detection January 22, 2026

New Osiris Ransomware Using Wide Range of Living off the Land and Dual-use Tools in Attacks January 22, 2026

IT Security News Hourly Summary 2026-01-22 21h : 10 posts January 22, 2026

Analysis of Single Sign-On Abuse on FortiOS January 22, 2026

Why AI Is Making Attack Surface Management Mandatory January 22, 2026

Analysis of Single Sign On (SSO) abuse on FortiOS January 22, 2026

Crims compromised energy firms’ Microsoft accounts, sent 600 phishing emails January 22, 2026

New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack January 22, 2026

I scan, you scan, we all scan for… knowledge? January 22, 2026

Google to Pay $8.25M Settlement Over Child Data Tracking in Play Store January 22, 2026

What the Alien Franchise Taught Me About Cybersecurity January 22, 2026

Proxyware Malware Disguised as Notepad++ Tool Leverages Windows Explorer Process to Hijack Systems January 22, 2026

Cybercriminals Target Cloud File-Sharing Services to Access Corporate Data January 22, 2026

Halo Security Achieves SOC 2 Type II Compliance, Demonstrating Sustained Security Excellence Over Time January 22, 2026

Ask Me Anything Cyber – Brooklyn TECH EXPO with Vlad Schifrin January 22, 2026

Ask Me Anything Cyber with Stephanie Zavala January 22, 2026

ICE Agents Are ‘Doxing’ Themselves January 22, 2026

Copyright © 2026 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com.

Manage Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options

Manage services

Manage {vendor_count} vendors

Read more about these purposes

View preferences

{title}

{title}

{title}