Weintek cMT-3072XH2 Authentication Bypass Vulnerability in Authorization Mechanism

Vulnerability

An authentication bypass vulnerability has been identified in the Weintek cMT-3072XH2 HMI product, specifically in easyweb version 2.1.53 and OS version 20231011. This vulnerability allows unauthorized attackers to perform administrative actions using built-in service accounts. The issue arises from improper authorization checks in the web interface, enabling exploitation through various CGI endpoints and system services.

Impact

Exploitation of this vulnerability allows unauthorized users to bypass authentication and authorization mechanisms, gaining administrative access and the ability to execute arbitrary commands with elevated privileges. This could lead to a full compromise of the HMI system and the industrial processes it controls.

Added: Mar 3, 2026, 8:36 PM

Updated: Mar 3, 2026, 10:17 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

4.9

remediation

0.0

relevance

3.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

4.9

remediation

0.0

relevance

3.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Weintek cMT-3072XH2 Authentication Bypass Vulnerability in Authorization Mechanism

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating