Weintek cMT X Series HMI EasyWeb Service

Action: Plan Patch
CVSS: 8.3
ICS-CERT: ICSA-26-022-05
Published: Jan 22, 2026
Vendor: Weintek
Sector: Manufacturing
Attack path
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Weintek cMT series HMI devices contain privilege escalation vulnerabilities in the EasyWeb service (CWE-472, CWE-620). A low-level user could exploit these flaws to escalate privileges and gain full administrative control of the device. Affected products include cMT3072XH, cMT3072XH(T), cMT-SVRX-820, and cMT-CTRL01 running vulnerable firmware versions from their respective release dates through late 2024 and mid-2025.

What this means
What could happen
An attacker with low-level user credentials could exploit privilege escalation vulnerabilities in the EasyWeb service to gain full administrative control of the HMI device, potentially allowing them to modify process parameters, alter alarm settings, or disrupt operator visibility and control of the manufacturing process.
Who's at risk
Manufacturing facilities using Weintek cMT HMI devices (cMT3072XH, cMT3072XH(T), cMT-SVRX-820, cMT-CTRL01) that provide operator control and monitoring of production equipment should prioritize patching, as successful exploitation could grant attackers full control over device functions and the processes they monitor.
How it could be exploited
An attacker with a standard user account on the Weintek cMT HMI would exploit privilege escalation flaws in the EasyWeb service component to escalate their access to administrative level. With admin access, the attacker could modify HMI configurations, change setpoints, or alter the human-machine interface that operators rely on to monitor and control production equipment.
Prerequisites
  • Valid low-level user credentials (non-admin account) for the cMT HMI device
  • Network access to the EasyWeb service port on the affected cMT device
  • Device running vulnerable firmware version (see affected products)
Key factors
  • remotely exploitable
  • requires valid user credentials (low-level access)
  • low complexity exploitation
  • affects HMI/SCADA visibility and control
  • high CVSS score (8.3)
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (4)
4 with fix
Product         Affected Versions             Fix Status
cMT3072XH(T)    >=20200630 and <20241112      fixed in 20241112
cMT3072XH       >=20200630 and <20241112      fixed in 20241112
cMT-SVRX-820    >=20220413 and <20240919      fixed in 20240919
cMT-CTRL01      >=20230308 and <20250827      fixed in 20250827
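To turn the table above into a repeatable check, here is an added example (not Weintek's code and not part of the advisory) that triages a device inventory against the affected-version ranges; the asset tags, the unlisted model name and the version strings in the sample inventory are constructed for illustration.

```python
# Added example, not Weintek's code: triage an inventory against the advisory's affected-version table.
AFFECTED = {   # product -> (first affected build, first fixed build), from the advisory
    "cMT3072XH":    (20200630, 20241112),
    "cMT3072XH(T)": (20200630, 20241112),
    "cMT-SVRX-820": (20220413, 20240919),
    "cMT-CTRL01":   (20230308, 20250827),
}

def parse_version(raw: str) -> int:
    """Accept '20241112', '2024-11-12' or '2024.11.12' (YYYYMMDD builds); reject anything else."""
    digits = raw.replace("-", "").replace(".", "")
    if len(digits) != 8 or not digits.isdigit():
        raise ValueError(f"unrecognised firmware version: {raw!r}")
    return int(digits)

def classify(product: str, version: str) -> str:
    """Return 'not-listed', 'pre-affected', 'vulnerable' or 'fixed' for one device."""
    if product not in AFFECTED:
        return "not-listed"
    start, fix = AFFECTED[product]
    v = parse_version(version)
    if v < start:
        return "pre-affected"   # older than the listed window: the advisory gives no verdict, confirm with the vendor
    return "vulnerable" if v < fix else "fixed"

def triage(inventory):
    """Return (verdict per asset id, asset ids that still need the HOTFIX step)."""
    verdicts = {}
    for asset_id, product, version in inventory:
        try:
            verdicts[asset_id] = classify(product, version)
        except ValueError as exc:
            verdicts[asset_id] = f"unknown ({exc})"   # bad inventory data: flag it, never silently skip it
    needs_patch = [a for a, v in verdicts.items() if v == "vulnerable"]
    return verdicts, needs_patch

# Constructed sample inventory (asset tags, the unlisted model and all versions are made up)
SAMPLE_INVENTORY = [
    ("HMI-LINE1",  "cMT3072XH",     "20240315"),    # inside the affected window
    ("HMI-LINE2",  "cMT3072XH(T)",  "2024-11-12"),  # exactly the fix build
    ("CTRL-PACK",  "cMT-CTRL01",    "20250501"),    # inside the affected window
    ("HMI-LEGACY", "cMT3072XH",     "20191201"),    # older than the listed window
    ("HMI-OTHER",  "cMT-MODEL-XYZ", "20240101"),    # placeholder model not in this advisory
    ("HMI-BAD",    "cMT-CTRL01",    "v2.5"),        # unparseable version string
]

if __name__ == "__main__":
    verdicts, todo = triage(SAMPLE_INVENTORY)
    print(verdicts, "needs HOTFIX:", todo)
```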
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the EasyWeb service to only authorized engineering workstations and administrative systems
HARDENING: Enforce strong password policies for all user accounts on cMT devices to limit the impact of compromised low-level credentials
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update cMT3072XH to firmware version 20241112 or later
HOTFIX: Update cMT3072XH(T) to firmware version 20241112 or later
HOTFIX: Update cMT-SVRX-820 to firmware version 20240919 or later
HOTFIX: Update cMT-CTRL01 to firmware version 20250827 or later
