Weintek cMT3072XH
cpe:2.3:h:weintek:cmt3072:*:*:*:*:*:*:*, +13 more
- cMT3072XH
- cMT3072XH(T)
A vulnerability exists in the EasyWeb Service of Weintek cMT X Series HMIs, specifically the cMT3072XH, cMT3072XH(T), cMT-SVRX-820, and cMT-CTRL01. The web application fails to properly validate inputs that it presumes to be unchangeable but that can be manipulated externally. This flaw allows a low-privileged user to alter parameters and potentially change account-level privileges. Successful exploitation could enable the user to gain full control of the device.
Exploitation of this vulnerability could allow a low-level user to change privileges and obtain complete control over the device.
CISA recommends minimizing network exposure for all control system devices, ensuring they are not accessible from the internet. Control system networks and remote devices should be located behind firewalls and isolated from business networks. When remote access is necessary, use more secure methods such as Virtual Private Networks (VPNs), while keeping in mind that VPNs may have vulnerabilities and should be updated to the latest version. Organizations should perform a proper impact analysis and risk assessment before deploying defensive measures.