All CISA Advisories, EN

Weintek cMT X Series HMI EasyWeb Service

2026-01-22 20:01

Summary

Successful exploitation of these vulnerabilities could allow a low-level user to alter privileges and gain full control to the device.

The following versions of Weintek cMT X Series HMI EasyWeb Service are affected:

cMT3072XH (CVE-2025-14750, CVE-2025-14751)
cMT3072XH(T) (CVE-2025-14750, CVE-2025-14751)
cMT-SVRX-820 (CVE-2025-14750, CVE-2025-14751)
cMT-CTRL01 (CVE-2025-14750, CVE-2025-14751)

CVSS	Vendor	Equipment	Vulnerabilities
v3 8.3	Weintek	Weintek cMT X Series HMI EasyWeb Service	External Control of Assumed-Immutable Web Parameter, Unverified Password Change

Background

Critical Infrastructure Sectors: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Taiwan

Vulnerabilities

CVE-2025-14750

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. A low-privileged user can modify the parameters and potentially manipulate account-level privileges.

View CVE Details

Affected Products

Weintek cMT X Series HMI EasyWeb Service

Vendor:
Weintek

Product Version:
Weintek cMT3072XH: >=20200630|<20241112, Weintek cMT3072XH(T): >=20200630|<20241112, Weintek cMT-SVRX-820: >=20220413|<20240919, Weintek cMT-CTRL01: >=20230308|<20250827

Product Status:
known_affected

Remediations

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from All CISA Advisories

Read the original article:

Weintek cMT X Series HMI EasyWeb Service

Share this:
Facebook
X
LinkedIn
Like this:
Like Loading...

Related

Tags: All CISA Advisories EN

Post navigation

← EVMAPA

Delta Electronics DIAView →

Search for:
Pages

Advertising

Contact

Legal and Contact information

Opt-out preferences

Privacy Policy

Social Media

Apps

Telegram Channel

Recent Posts

Analysis of Single Sign On (SSO) abuse on FortiOS January 22, 2026

Crims compromised energy firms’ Microsoft accounts, sent 600 phishing emails January 22, 2026

New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack January 22, 2026

I scan, you scan, we all scan for… knowledge? January 22, 2026

Google to Pay $8.25M Settlement Over Child Data Tracking in Play Store January 22, 2026

What the Alien Franchise Taught Me About Cybersecurity January 22, 2026

Proxyware Malware Disguised as Notepad++ Tool Leverages Windows Explorer Process to Hijack Systems January 22, 2026

Cybercriminals Target Cloud File-Sharing Services to Access Corporate Data January 22, 2026

Halo Security Achieves SOC 2 Type II Compliance, Demonstrating Sustained Security Excellence Over Time January 22, 2026

Ask Me Anything Cyber – Brooklyn TECH EXPO with Vlad Schifrin January 22, 2026

Ask Me Anything Cyber with Stephanie Zavala January 22, 2026

ICE Agents Are ‘Doxing’ Themselves January 22, 2026

Delta Electronics DIAView January 22, 2026

Weintek cMT X Series HMI EasyWeb Service January 22, 2026

EVMAPA January 22, 2026

Schneider Electric EcoStruxure Process Expert January 22, 2026

Rockwell Automation CompactLogix 5370 January 22, 2026

Microsoft Security success stories: Why integrated security is the foundation of AI transformation January 22, 2026

Hackers Are Using LinkedIn DMs and PDF Tools to Deploy Trojans January 22, 2026

ESA Confirms Cyber Breach After Hacker Claims 200GB Data Theft January 22, 2026

Copyright © 2026 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com.

Manage Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options

Manage services

Manage {vendor_count} vendors

Read more about these purposes

View preferences

{title}

{title}

{title}