Weintek's human-machine interface (HMI) products include three types of critical vulnerabilities, according to a cybersecurity researcher - who specializes in industrial control systems (ICS).
Customers should download relevant patches and follow measures to mitigate risks, according to a technical advisory posted by the company. The risk of abuse is higher if the devices are linked to an open network, according to the study. Customers can disconnect the devices from the network and update the operating system if the device is accessible by an open network. While devices that are not attached to an open network cannot be compromised, consumers are still encouraged to update their operating systems. If a computer can be accessed via a public IP address, it is said to be exposed to an open network.
Marcin Dudek, a senior ICS/OT security researcher at Poland’s CERT Polska, identified the flaws; the security flaws have also been discovered in the Weintek cMT products', EasyWeb, web-based configuration interface. HMIs (including screen-less HMIs), programmable logic controllers (PLCs), and gateways are all the affected products.
A remote, unauthenticated attacker may use the flaws to conduct malicious JavaScript code with root privileges (CVE-2021-27446), remotely access critical information, and perform actions on behalf of an admin (CVE-2021-27444) and conduct malicious JavaScript code through a stored XSS vulnerability (CVE-2021-27442).
There are even more than 170 cMT HMIs linked directly to the internet, according to Dudek, with networks located in Europe, Asia, and North America. According to the researcher, an attacker may exploit the first two flaws by sending a single query to the targeted computer. An attacker could take advantage of CVE ..
Support the originator by clicking the read the rest link below.
![[DiyOtaku] Gives Old Devices A New Life](upload/news/image_1714723213_17994018.png)
