SecurityWeek reports that organizations across the U.S. have been alerted by the Cybersecurity and Infrastructure Security Agency regarding three critical and high-severity Weintek cMT human-machine interface vulnerabilities, which should be immediately remediated.
Attacks leveraging the flaws could facilitate authentication bypass and arbitrary command execution to eventually enable total HMI takeovers, according to TXOne Networks researcher Hank Chen, who discovered and reported the vulnerabilities.
Such findings were reaffirmed by Weintek.
"By combining [the vulnerabilities], a remote attacker may gain access to the system or remotely execute commands without authentication via the web server whose OS version is listed as affected," said Weintek.
However, Chen noted that HMI passwords are needed for executing arbitrary commands.
Such vulnerabilities come months after organizations were warned by CISA regarding flaws in Weintek's Weincloud cloud-based HMI, which TXOne researchers noted could be abused to compromise programmable logic controllers, field devices, and other industrial control systems.
Immediate patching of Weintek HMI flaws recommended