CRITICAL🇵🇱 Wersja polska

CVE-2024-55024

CVSS 9.8v3.1pub. 2026-03-03upd. 2026-03-04

An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to perform Administrative actions using service accounts.

🤖 AI Analysis
How it works

The flaw exists in the authorization mechanism of the easyweb v2.1.53 application running on the operating system version OS v20231011. An attacker can remotely bypass the authentication procedure without possessing any credentials and gain access through service accounts. This results in the ability to perform administrative operations as if the attacker were an authorized user with the highest privileges.

Impact

An unauthorized attacker can perform arbitrary administrative actions on the device, which in an industrial environment can lead to disruption of production processes, modification of HMI controller configuration, and violation of data confidentiality and integrity.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Until the patch is applied, it is recommended to isolate HMI devices from untrusted networks, restrict network access to the easyweb panel using a firewall, and implement OT/IT network segmentation.

Who is affected

Weintek cMT-3072XH2 with easyweb software version 2.1.53 and operating system firmware OS v20231011

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Weintek Cmt 3072xh2

    HW
    Weintek
    wszystkie wersje
  • Weintek Cmt 3072xh2 Firmware

    OS
    Weintek
    20231011
  • Weintek Easyweb

    APP
    Weintek
    2.1.53
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-55020CRITICAL9.8PL ✓ten sam produkt

Command injection z uprawnieniami root w Weintek cMT-3072XH2 easyweb

CVE-2024-55026CRITICAL9.8PL ✓ten sam produkt

Wykonanie dowolnych poleceń przez endpoint reset_pj.cgi w Weintek cMT-3072XH2

CVE-2024-55022HIGH8.8ten sam produkt

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection...

CVE-2024-55019HIGH7.5ten sam produkt

Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, ...

CVE-2024-55021HIGH7.5ten sam produkt

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP pr...