Weintek, a Taiwan-based company, has taken swift action to address critical and high-severity vulnerabilities identified in its cMT series Human-Machine Interfaces (HMIs) by industrial cybersecurity firm TXOne.
The U.S. cybersecurity agency CISA recently issued a warning regarding these vulnerabilities, as the affected product, the Weintek cMT HMI, is widely used, including in critical manufacturing organizations considered part of critical infrastructure. These vulnerabilities, totaling three, allow anonymous users to bypass the authentication process and execute arbitrary commands once they log in to the targeted device. Weintek responded by releasing patches for various product series, including cMT3000-series, cMT-HDM, and cMT-FHD.
An alarming aspect of these vulnerabilities is that, when combined, they can potentially enable remote attackers to gain unauthorized access to the system or execute commands via the web server.
According to Hank Chen, the researcher at TXOne Networks credited with discovering these flaws, the vulnerabilities could empower attackers to take complete control of an HMI. However, it’s worth noting that launching a Denial of Service (DoS) attack doesn’t require special permissions, while executing arbitrary commands necessitates knowledge of the HMI’s password.
While there are instances of impacted Weintek HMIs directly exposed to the internet, these cases are limited. TXOne has also shared technical details of these vulnerabilities through a blog post. This isn’t the first time that TXOne researchers have uncovered vulnerabilities in Weintek products.
Earlier this year, CISA reported issues identified by TXOne in the Weincloud cloud-based HMI, which could potentially enable attackers to manipulate and damage Industrial Control Systems (ICS), including PLCs and field devices, underlining the need for robust cybersecurity measures and prompt patching to safeguard critical infrastructure.