Security Experts:

Connect with us

Hi, what are you looking for?



Vulnerabilities Can Allow Attackers to Remotely Gain Control of Weintek HMIs

A cybersecurity researcher who specializes in industrial control systems (ICS) has identified three types of critical vulnerabilities in products made by human-machine interface (HMI) manufacturer Weintek.

A cybersecurity researcher who specializes in industrial control systems (ICS) has identified three types of critical vulnerabilities in products made by human-machine interface (HMI) manufacturer Weintek.

The Taiwan-based vendor’s products are used worldwide. The company has posted a technical advisory instructing customers to install available patches and take steps to mitigate risks. It noted that the risk of exploitation is more significant if the devices are connected to an open network.

Weintek HMI vulnerabilitiesThe vulnerabilities were discovered by Marcin Dudek, a senior ICS/OT security researcher at Poland’s CERT Polska. The security holes have been found to impact the EasyWeb web-based configuration interface available for Weintek cMT products. Affected products include HMIs (including screenless HMIs), programmable logic controllers (PLCs), and gateways.

The vulnerabilities can be exploited by a remote, unauthenticated attacker for code execution with root privileges (CVE-2021-27446), to remotely access sensitive information and conduct actions on behalf of an admin (CVE-2021-27444), and to execute malicious JavaScript code via a stored XSS flaw (CVE-2021-27442).

Dudek noted on Twitter that there are more than 170 cMT HMIs connected directly to the internet, including systems located in Europe, Asia and North America.

Learn more about vulnerabilities in industrial systems at SecurityWeek’s ICS Cyber Security Conference and SecurityWeek’s Security Summits virtual event series

The researcher told SecurityWeek that an attacker could exploit the first two vulnerabilities with a single request sent to the targeted device. In the case of CVE-2021-27444, an attacker could leverage it to obtain the administrator password hash.

In the worst case scenario, an attacker can exploit the vulnerabilities to take complete control of the targeted device with root privileges, which in a real world environment could have serious consequences.

“Having such high privileges, an attacker can have unlimited access to all functions of the HMI,” Dudek explained. “It could also be used as a proxy to get access to the internal network of an organization, or to have direct access to other industrial devices in the same network, such as PLCs.

Dudek said he worked well with the vendor during the disclosure process. He said it took roughly two months to release all patches, but most of the fixes were ready one month after he reported his findings.

Remotely accessible HMIs can pose a serious threat to organizations in critical infrastructure sectors. Some of the high-profile incidents that came to light recently involve attacks on the water sector.

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which issued an advisory for the Weintek cMT vulnerabilities this week, the impacted products are mostly used in the water and commercial facilities sectors.

Related: Iranian Hackers Access Unprotected ICS at Israeli Water Facility

Related: CISA Issues Advisory for High-Severity Vulnerabilities in Fuji Electric HMI Products

Related: Tens of Vulnerabilities Expose WAGO Controllers, HMI Panels to Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.


Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.