Weintek cMT X Series HMI EasyWeb Service

Plan Patch8.3ICS-CERT ICSA-26-022-05Jan 22, 2026

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Weintek cMT X Series HMI devices contain privilege escalation vulnerabilities in the EasyWeb service. A low-level user can exploit these flaws (CWE-472, CWE-620) to alter user privileges and gain full administrative control of the device. The vulnerabilities affect multiple cMT3072XH, cMT-SVRX-820, and cMT-CTRL01 models running firmware released between mid-2020 and early 2023.

What this means

What could happen

An attacker with low-level local access to a Weintek HMI could escalate privileges to administrator level and take full control of the device, allowing them to modify process setpoints, alter production settings, or shut down operations.

Who's at risk

Manufacturing facilities using Weintek cMT X Series HMI devices—specifically operators and engineers managing production lines, batch processes, or critical equipment through these graphical interfaces. Affected models include cMT3072XH, cMT3072XH(T), cMT-SVRX-820, and cMT-CTRL01 series. Any organization relying on these HMIs for process monitoring and control should prioritize assessment and patching.

How it could be exploited

An attacker with a low-privilege user account on the HMI can send requests to the EasyWeb service to escalate their account privileges. Once administrative privileges are obtained, the attacker can reconfigure the device, access sensitive data, or alter process logic through the HMI interface.

Prerequisites

Low-level user account credentials on the cMT HMI
Network or local access to the EasyWeb service port
cMT device running affected firmware versions

Low authentication requirement (only low-level user account needed)Low attack complexity (straightforward privilege escalation method)High impact on confidentiality and integrityAffects control and visualization equipment critical to operations

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (4)

4 with fix

ProductAffected VersionsFix Status

cMT3072XH(T): >=20200630|<20241112≥ 20200630|<2024111220241112

cMT3072XH: >=20200630|<20241112≥ 20200630|<2024111220241112

cMT-SVRX-820: >=20220413|<20240919≥ 20220413|<2024091920240919

cMT-CTRL01: >=20230308|<20250827≥ 20230308|<2025082720250827

Remediation & Mitigation

0/7

Do now

0/1

WORKAROUNDRestrict network access to the EasyWeb service port using firewall rules; allow only authorized engineering workstations

Schedule — requires maintenance window

0/4

Patching may require device reboot — plan for process interruption

HOTFIXUpdate cMT3072XH firmware to version 20241112 or later

HOTFIXUpdate cMT3072XH(T) firmware to version 20241112 or later

HOTFIXUpdate cMT-SVRX-820 firmware to version 20240919 or later

HOTFIXUpdate cMT-CTRL01 firmware to version 20250827 or later

Long-term hardening

0/2

HARDENINGEnforce strong passwords for all HMI user accounts and regularly audit user access privileges

HARDENINGImplement network segmentation to isolate HMI devices from untrusted networks and limit lateral movement

CVEs (2)

CVE-2025-14750 CVE-2025-14751

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/3fb7976b-5121-43d4-8675-06af85cbfd36