Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for cMT-CTRL01 by Weintek

    CVE-2025-14751 (GCVE-0-2025-14751)

    Vulnerability from nvd – Published: 2026-01-22 21:42 – Updated: 2026-01-26 21:02
    VLAI
    Title
    Unverified Password Change in Weintek cMT X Series HMI EasyWeb Service
    Summary
    A low-privileged user can bypass account credentials without confirming the user's current authentication state, which may lead to unauthorized privilege escalation.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-620 - Unverified Password Change
    Assigner
    References
    Impacted products
    Vendor Product Version
    Weintek cMT3072XH Affected: 20200630 , < 20241112 (custom)
    Create a notification for this product.
    Weintek cMT3072XH(T) Affected: 20200630 , < 20241112 (custom)
    Create a notification for this product.
    Weintek cMT-SVRX-820 Affected: 20220413 , < 20240919 (custom)
    Create a notification for this product.
    Weintek cMT-CTRL01 Affected: 20230308 , < 20250827 (custom)
    Create a notification for this product.
    Credits
    Joel Aviad Ossi of WebSec B.V reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14751",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-26T21:01:59.502514Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-26T21:02:09.222Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "cMT3072XH",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20241112",
                  "status": "affected",
                  "version": "20200630",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3072XH(T)",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20241112",
                  "status": "affected",
                  "version": "20200630",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT-SVRX-820",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20240919",
                  "status": "affected",
                  "version": "20220413",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT-CTRL01",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20250827",
                  "status": "affected",
                  "version": "20230308",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Joel Aviad Ossi of WebSec B.V reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A low-privileged user can bypass account credentials without confirming the user\u0027s current authentication state, which may lead to unauthorized privilege escalation.\u003cbr\u003e"
                }
              ],
              "value": "A low-privileged user can bypass account credentials without confirming the user\u0027s current authentication state, which may lead to unauthorized privilege escalation."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-620",
                  "description": "CWE-620 Unverified Password Change",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-22T21:42:50.871Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-05"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Weintek recommends users implement the following mitigation techniques: \u003cbr\u003e\u003cbr\u003e* cMT3072XH: Version 20241112\u003cbr\u003e* cMT3072XH(T): Version 20241112\u003cbr\u003e* cMT-SVRX-820: Version 20240919\u003cbr\u003e* cMT-CTRL01: Version 20250827\u003cbr\u003e\u003cbr\u003eFor more information, see Weintek\u0027s planned notice: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/public/Document/TEC/TEC25003E_cMT_EasyWeb_V2_Security_Issues.pdf\"\u003ehttps://dl.weintek.com/public/Document/TEC/TEC25003E_cMT_EasyWeb_V2_Security_Issues.pdf\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "Weintek recommends users implement the following mitigation techniques: \n\n* cMT3072XH: Version 20241112\n* cMT3072XH(T): Version 20241112\n* cMT-SVRX-820: Version 20240919\n* cMT-CTRL01: Version 20250827\n\nFor more information, see Weintek\u0027s planned notice:  https://dl.weintek.com/public/Document/TEC/TEC25003E_cMT_EasyWeb_V2_Security_Issues.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unverified Password Change in Weintek cMT X Series HMI EasyWeb Service",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-14751",
        "datePublished": "2026-01-22T21:42:50.871Z",
        "dateReserved": "2025-12-15T20:40:05.015Z",
        "dateUpdated": "2026-01-26T21:02:09.222Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14750 (GCVE-0-2025-14750)

    Vulnerability from nvd – Published: 2026-01-22 21:40 – Updated: 2026-01-26 21:01
    VLAI
    Title
    External Control of Assumed-Immutable Web Parameter in Weintek cMT X Series HMI EasyWeb Service
    Summary
    The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. A low-privileged user can modify the parameters and potentially manipulate account-level privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-472 - External Control of Assumed-Immutable Web Parameter
    Assigner
    References
    Impacted products
    Vendor Product Version
    Weintek cMT3072XH Affected: 20200630 , < 20241112 (custom)
    Create a notification for this product.
    Weintek cMT3072XH(T) Affected: 20200630 , < 20241112 (custom)
    Create a notification for this product.
    Weintek cMT-SVRX-820 Affected: 20220413 , < 20240919 (custom)
    Create a notification for this product.
    Weintek cMT-CTRL01 Affected: 20230308 , < 20250827 (custom)
    Create a notification for this product.
    Credits
    Joel Aviad Ossi of WebSec B.V reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14750",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-26T21:01:22.166872Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-26T21:01:31.626Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "cMT3072XH",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20241112",
                  "status": "affected",
                  "version": "20200630",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3072XH(T)",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20241112",
                  "status": "affected",
                  "version": "20200630",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT-SVRX-820",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20240919",
                  "status": "affected",
                  "version": "20220413",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT-CTRL01",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20250827",
                  "status": "affected",
                  "version": "20230308",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Joel Aviad Ossi of WebSec B.V reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. A low-privileged user can modify the parameters and potentially manipulate account-level privileges. \u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. A low-privileged user can modify the parameters and potentially manipulate account-level privileges."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-472",
                  "description": "CWE-472 External Control of Assumed-Immutable Web Parameter",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-22T21:40:56.977Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-05"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Weintek recommends users implement the following mitigation techniques: \u003cbr\u003e\u003cbr\u003e* cMT3072XH: Version 20241112\u003cbr\u003e* cMT3072XH(T): Version 20241112\u003cbr\u003e* cMT-SVRX-820: Version 20240919\u003cbr\u003e* cMT-CTRL01: Version 20250827\u003cbr\u003e\u003cbr\u003eFor more information, see Weintek\u0027s planned notice: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/public/Document/TEC/TEC25003E_cMT_EasyWeb_V2_Security_Issues.pdf\"\u003ehttps://dl.weintek.com/public/Document/TEC/TEC25003E_cMT_EasyWeb_V2_Security_Issues.pdf\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "Weintek recommends users implement the following mitigation techniques: \n\n* cMT3072XH: Version 20241112\n* cMT3072XH(T): Version 20241112\n* cMT-SVRX-820: Version 20240919\n* cMT-CTRL01: Version 20250827\n\nFor more information, see Weintek\u0027s planned notice:  https://dl.weintek.com/public/Document/TEC/TEC25003E_cMT_EasyWeb_V2_Security_Issues.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "External Control of Assumed-Immutable Web Parameter in Weintek cMT X Series HMI EasyWeb Service",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-14750",
        "datePublished": "2026-01-22T21:40:56.977Z",
        "dateReserved": "2025-12-15T20:40:03.048Z",
        "dateUpdated": "2026-01-26T21:01:31.626Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-27446 (GCVE-0-2021-27446)

    Vulnerability from nvd – Published: 2022-05-16 17:15 – Updated: 2025-04-16 16:21
    VLAI
    Title
    Weintek EasyWeb cMT Code Injection
    Summary
    The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Weintek cMT-SVR-1xx/2xx Affected: unspecified , < 20210305 (custom)
    Create a notification for this product.
    Weintek cMT-G01/G02 Affected: unspecified , < 20210209 (custom)
    Create a notification for this product.
    Weintek cMT-G03/G04 Affected: unspecified , < 20210222 (custom)
    Create a notification for this product.
    Weintek cMT3071/cMT3072/cMT3090/cMT3103/cMT3151 Affected: unspecified , < 20210218 (custom)
    Create a notification for this product.
    Weintek cMT-HDM Affected: unspecified , < 20210204 (custom)
    Create a notification for this product.
    Weintek cMT-FHD Affected: unspecified , < 20210208 (custom)
    Create a notification for this product.
    Weintek cMT-CTRL01 Affected: unspecified , < 20210302 (custom)
    Create a notification for this product.
    Date Public
    2021-03-23 00:00
    Credits
    Marcin Dudek from CERT.PL reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:48:17.200Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-27446",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:54:54.929455Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:21:16.549Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "cMT-SVR-1xx/2xx",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210305",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G01/G02",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210209",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G03/G04",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210222",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210218",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-HDM",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210204",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-FHD",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210208",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-CTRL01",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210302",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2021-03-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94: Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-16T17:15:44.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Weintek EasyWeb cMT Code Injection",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-03-23T17:00:00.000Z",
              "ID": "CVE-2021-27446",
              "STATE": "PUBLIC",
              "TITLE": "Weintek EasyWeb cMT Code Injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "cMT-SVR-1xx/2xx",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210305"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G01/G02",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210209"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G03/G04",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210222"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210218"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-HDM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210204"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-FHD",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210208"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-CTRL01",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210302"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Weintek"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-94: Code Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
                },
                {
                  "name": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27446",
        "datePublished": "2022-05-16T17:15:44.847Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:21:16.549Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27444 (GCVE-0-2021-27444)

    Vulnerability from nvd – Published: 2022-05-16 17:15 – Updated: 2025-04-16 16:21
    VLAI
    Title
    Weintek EasyWeb cMT Improper Access Control
    Summary
    The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Weintek cMT-SVR-1xx/2xx Affected: unspecified , < 20210305 (custom)
    Create a notification for this product.
    Weintek cMT-G01/G02 Affected: unspecified , < 20210209 (custom)
    Create a notification for this product.
    Weintek cMT-G03/G04 Affected: unspecified , < 20210222 (custom)
    Create a notification for this product.
    Weintek cMT3071/cMT3072/cMT3090/cMT3103/cMT3151 Affected: unspecified , < 20210218 (custom)
    Create a notification for this product.
    Weintek cMT-HDM Affected: unspecified , < 20210204 (custom)
    Create a notification for this product.
    Weintek cMT-FHD Affected: unspecified , < 20210208 (custom)
    Create a notification for this product.
    Weintek cMT-CTRL01 Affected: unspecified , < 20210302 (custom)
    Create a notification for this product.
    Date Public
    2021-03-23 00:00
    Credits
    Marcin Dudek from CERT.PL reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:48:17.213Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-27444",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:54:59.080295Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:21:25.289Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "cMT-SVR-1xx/2xx",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210305",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G01/G02",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210209",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G03/G04",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210222",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210218",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-HDM",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210204",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-FHD",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210208",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-CTRL01",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210302",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2021-03-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-16T17:15:15.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Weintek EasyWeb cMT Improper Access Control",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-03-23T17:00:00.000Z",
              "ID": "CVE-2021-27444",
              "STATE": "PUBLIC",
              "TITLE": "Weintek EasyWeb cMT Improper Access Control"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "cMT-SVR-1xx/2xx",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210305"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G01/G02",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210209"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G03/G04",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210222"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210218"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-HDM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210204"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-FHD",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210208"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-CTRL01",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210302"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Weintek"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284: Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
                },
                {
                  "name": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27444",
        "datePublished": "2022-05-16T17:15:15.597Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:21:25.289Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27442 (GCVE-0-2021-27442)

    Vulnerability from nvd – Published: 2022-05-16 17:13 – Updated: 2025-04-16 16:21
    VLAI
    Title
    Weintek EasyWeb cMT Cross-site Scripting
    Summary
    The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    Weintek cMT-SVR-1xx/2xx Affected: unspecified , < 20210305 (custom)
    Create a notification for this product.
    Weintek cMT-G01/G02 Affected: unspecified , < 20210209 (custom)
    Create a notification for this product.
    Weintek cMT-G03/G04 Affected: unspecified , < 20210222 (custom)
    Create a notification for this product.
    Weintek cMT3071/cMT3072/cMT3090/cMT3103/cMT3151 Affected: unspecified , < 20210218 (custom)
    Create a notification for this product.
    Weintek cMT-HDM Affected: unspecified , < 20210204 (custom)
    Create a notification for this product.
    Weintek cMT-FHD Affected: unspecified , < 20210208 (custom)
    Create a notification for this product.
    Weintek cMT-CTRL01 Affected: unspecified , < 20210302 (custom)
    Create a notification for this product.
    Date Public
    2021-03-23 00:00
    Credits
    Marcin Dudek from CERT.PL reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:48:17.243Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-27442",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:55:04.749781Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:21:32.645Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "cMT-SVR-1xx/2xx",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210305",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G01/G02",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210209",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G03/G04",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210222",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210218",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-HDM",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210204",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-FHD",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210208",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-CTRL01",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210302",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2021-03-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Cross-site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-16T17:13:17.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Weintek EasyWeb cMT Cross-site Scripting",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-03-23T17:00:00.000Z",
              "ID": "CVE-2021-27442",
              "STATE": "PUBLIC",
              "TITLE": "Weintek EasyWeb cMT Cross-site Scripting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "cMT-SVR-1xx/2xx",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210305"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G01/G02",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210209"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G03/G04",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210222"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210218"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-HDM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210204"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-FHD",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210208"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-CTRL01",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210302"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Weintek"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79: Cross-site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
                },
                {
                  "name": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27442",
        "datePublished": "2022-05-16T17:13:17.743Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:21:32.645Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-14751 (GCVE-0-2025-14751)

    Vulnerability from cvelistv5 – Published: 2026-01-22 21:42 – Updated: 2026-01-26 21:02
    VLAI
    Title
    Unverified Password Change in Weintek cMT X Series HMI EasyWeb Service
    Summary
    A low-privileged user can bypass account credentials without confirming the user's current authentication state, which may lead to unauthorized privilege escalation.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-620 - Unverified Password Change
    Assigner
    References
    Impacted products
    Vendor Product Version
    Weintek cMT3072XH Affected: 20200630 , < 20241112 (custom)
    Create a notification for this product.
    Weintek cMT3072XH(T) Affected: 20200630 , < 20241112 (custom)
    Create a notification for this product.
    Weintek cMT-SVRX-820 Affected: 20220413 , < 20240919 (custom)
    Create a notification for this product.
    Weintek cMT-CTRL01 Affected: 20230308 , < 20250827 (custom)
    Create a notification for this product.
    Credits
    Joel Aviad Ossi of WebSec B.V reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14751",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-26T21:01:59.502514Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-26T21:02:09.222Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "cMT3072XH",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20241112",
                  "status": "affected",
                  "version": "20200630",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3072XH(T)",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20241112",
                  "status": "affected",
                  "version": "20200630",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT-SVRX-820",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20240919",
                  "status": "affected",
                  "version": "20220413",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT-CTRL01",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20250827",
                  "status": "affected",
                  "version": "20230308",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Joel Aviad Ossi of WebSec B.V reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A low-privileged user can bypass account credentials without confirming the user\u0027s current authentication state, which may lead to unauthorized privilege escalation.\u003cbr\u003e"
                }
              ],
              "value": "A low-privileged user can bypass account credentials without confirming the user\u0027s current authentication state, which may lead to unauthorized privilege escalation."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-620",
                  "description": "CWE-620 Unverified Password Change",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-22T21:42:50.871Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-05"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Weintek recommends users implement the following mitigation techniques: \u003cbr\u003e\u003cbr\u003e* cMT3072XH: Version 20241112\u003cbr\u003e* cMT3072XH(T): Version 20241112\u003cbr\u003e* cMT-SVRX-820: Version 20240919\u003cbr\u003e* cMT-CTRL01: Version 20250827\u003cbr\u003e\u003cbr\u003eFor more information, see Weintek\u0027s planned notice: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/public/Document/TEC/TEC25003E_cMT_EasyWeb_V2_Security_Issues.pdf\"\u003ehttps://dl.weintek.com/public/Document/TEC/TEC25003E_cMT_EasyWeb_V2_Security_Issues.pdf\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "Weintek recommends users implement the following mitigation techniques: \n\n* cMT3072XH: Version 20241112\n* cMT3072XH(T): Version 20241112\n* cMT-SVRX-820: Version 20240919\n* cMT-CTRL01: Version 20250827\n\nFor more information, see Weintek\u0027s planned notice:  https://dl.weintek.com/public/Document/TEC/TEC25003E_cMT_EasyWeb_V2_Security_Issues.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unverified Password Change in Weintek cMT X Series HMI EasyWeb Service",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-14751",
        "datePublished": "2026-01-22T21:42:50.871Z",
        "dateReserved": "2025-12-15T20:40:05.015Z",
        "dateUpdated": "2026-01-26T21:02:09.222Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-14750 (GCVE-0-2025-14750)

    Vulnerability from cvelistv5 – Published: 2026-01-22 21:40 – Updated: 2026-01-26 21:01
    VLAI
    Title
    External Control of Assumed-Immutable Web Parameter in Weintek cMT X Series HMI EasyWeb Service
    Summary
    The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. A low-privileged user can modify the parameters and potentially manipulate account-level privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-472 - External Control of Assumed-Immutable Web Parameter
    Assigner
    References
    Impacted products
    Vendor Product Version
    Weintek cMT3072XH Affected: 20200630 , < 20241112 (custom)
    Create a notification for this product.
    Weintek cMT3072XH(T) Affected: 20200630 , < 20241112 (custom)
    Create a notification for this product.
    Weintek cMT-SVRX-820 Affected: 20220413 , < 20240919 (custom)
    Create a notification for this product.
    Weintek cMT-CTRL01 Affected: 20230308 , < 20250827 (custom)
    Create a notification for this product.
    Credits
    Joel Aviad Ossi of WebSec B.V reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-14750",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-26T21:01:22.166872Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-26T21:01:31.626Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "cMT3072XH",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20241112",
                  "status": "affected",
                  "version": "20200630",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT3072XH(T)",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20241112",
                  "status": "affected",
                  "version": "20200630",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT-SVRX-820",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20240919",
                  "status": "affected",
                  "version": "20220413",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "cMT-CTRL01",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20250827",
                  "status": "affected",
                  "version": "20230308",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Joel Aviad Ossi of WebSec B.V reported these vulnerabilities to CISA."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. A low-privileged user can modify the parameters and potentially manipulate account-level privileges. \u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. A low-privileged user can modify the parameters and potentially manipulate account-level privileges."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-472",
                  "description": "CWE-472 External Control of Assumed-Immutable Web Parameter",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-22T21:40:56.977Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-022-05"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Weintek recommends users implement the following mitigation techniques: \u003cbr\u003e\u003cbr\u003e* cMT3072XH: Version 20241112\u003cbr\u003e* cMT3072XH(T): Version 20241112\u003cbr\u003e* cMT-SVRX-820: Version 20240919\u003cbr\u003e* cMT-CTRL01: Version 20250827\u003cbr\u003e\u003cbr\u003eFor more information, see Weintek\u0027s planned notice: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://dl.weintek.com/public/Document/TEC/TEC25003E_cMT_EasyWeb_V2_Security_Issues.pdf\"\u003ehttps://dl.weintek.com/public/Document/TEC/TEC25003E_cMT_EasyWeb_V2_Security_Issues.pdf\u003c/a\u003e\u003cbr\u003e"
                }
              ],
              "value": "Weintek recommends users implement the following mitigation techniques: \n\n* cMT3072XH: Version 20241112\n* cMT3072XH(T): Version 20241112\n* cMT-SVRX-820: Version 20240919\n* cMT-CTRL01: Version 20250827\n\nFor more information, see Weintek\u0027s planned notice:  https://dl.weintek.com/public/Document/TEC/TEC25003E_cMT_EasyWeb_V2_Security_Issues.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "External Control of Assumed-Immutable Web Parameter in Weintek cMT X Series HMI EasyWeb Service",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2025-14750",
        "datePublished": "2026-01-22T21:40:56.977Z",
        "dateReserved": "2025-12-15T20:40:03.048Z",
        "dateUpdated": "2026-01-26T21:01:31.626Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-27446 (GCVE-0-2021-27446)

    Vulnerability from cvelistv5 – Published: 2022-05-16 17:15 – Updated: 2025-04-16 16:21
    VLAI
    Title
    Weintek EasyWeb cMT Code Injection
    Summary
    The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Weintek cMT-SVR-1xx/2xx Affected: unspecified , < 20210305 (custom)
    Create a notification for this product.
    Weintek cMT-G01/G02 Affected: unspecified , < 20210209 (custom)
    Create a notification for this product.
    Weintek cMT-G03/G04 Affected: unspecified , < 20210222 (custom)
    Create a notification for this product.
    Weintek cMT3071/cMT3072/cMT3090/cMT3103/cMT3151 Affected: unspecified , < 20210218 (custom)
    Create a notification for this product.
    Weintek cMT-HDM Affected: unspecified , < 20210204 (custom)
    Create a notification for this product.
    Weintek cMT-FHD Affected: unspecified , < 20210208 (custom)
    Create a notification for this product.
    Weintek cMT-CTRL01 Affected: unspecified , < 20210302 (custom)
    Create a notification for this product.
    Date Public
    2021-03-23 00:00
    Credits
    Marcin Dudek from CERT.PL reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:48:17.200Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-27446",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:54:54.929455Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:21:16.549Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "cMT-SVR-1xx/2xx",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210305",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G01/G02",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210209",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G03/G04",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210222",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210218",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-HDM",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210204",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-FHD",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210208",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-CTRL01",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210302",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2021-03-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94: Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-16T17:15:44.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Weintek EasyWeb cMT Code Injection",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-03-23T17:00:00.000Z",
              "ID": "CVE-2021-27446",
              "STATE": "PUBLIC",
              "TITLE": "Weintek EasyWeb cMT Code Injection"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "cMT-SVR-1xx/2xx",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210305"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G01/G02",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210209"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G03/G04",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210222"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210218"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-HDM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210204"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-FHD",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210208"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-CTRL01",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210302"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Weintek"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operation system."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-94: Code Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
                },
                {
                  "name": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27446",
        "datePublished": "2022-05-16T17:15:44.847Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:21:16.549Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27444 (GCVE-0-2021-27444)

    Vulnerability from cvelistv5 – Published: 2022-05-16 17:15 – Updated: 2025-04-16 16:21
    VLAI
    Title
    Weintek EasyWeb cMT Improper Access Control
    Summary
    The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Weintek cMT-SVR-1xx/2xx Affected: unspecified , < 20210305 (custom)
    Create a notification for this product.
    Weintek cMT-G01/G02 Affected: unspecified , < 20210209 (custom)
    Create a notification for this product.
    Weintek cMT-G03/G04 Affected: unspecified , < 20210222 (custom)
    Create a notification for this product.
    Weintek cMT3071/cMT3072/cMT3090/cMT3103/cMT3151 Affected: unspecified , < 20210218 (custom)
    Create a notification for this product.
    Weintek cMT-HDM Affected: unspecified , < 20210204 (custom)
    Create a notification for this product.
    Weintek cMT-FHD Affected: unspecified , < 20210208 (custom)
    Create a notification for this product.
    Weintek cMT-CTRL01 Affected: unspecified , < 20210302 (custom)
    Create a notification for this product.
    Date Public
    2021-03-23 00:00
    Credits
    Marcin Dudek from CERT.PL reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:48:17.213Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-27444",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:54:59.080295Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:21:25.289Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "cMT-SVR-1xx/2xx",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210305",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G01/G02",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210209",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G03/G04",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210222",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210218",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-HDM",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210204",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-FHD",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210208",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-CTRL01",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210302",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2021-03-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-16T17:15:15.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Weintek EasyWeb cMT Improper Access Control",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-03-23T17:00:00.000Z",
              "ID": "CVE-2021-27444",
              "STATE": "PUBLIC",
              "TITLE": "Weintek EasyWeb cMT Improper Access Control"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "cMT-SVR-1xx/2xx",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210305"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G01/G02",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210209"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G03/G04",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210222"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210218"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-HDM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210204"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-FHD",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210208"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-CTRL01",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210302"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Weintek"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284: Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
                },
                {
                  "name": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27444",
        "datePublished": "2022-05-16T17:15:15.597Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:21:25.289Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27442 (GCVE-0-2021-27442)

    Vulnerability from cvelistv5 – Published: 2022-05-16 17:13 – Updated: 2025-04-16 16:21
    VLAI
    Title
    Weintek EasyWeb cMT Cross-site Scripting
    Summary
    The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    Weintek cMT-SVR-1xx/2xx Affected: unspecified , < 20210305 (custom)
    Create a notification for this product.
    Weintek cMT-G01/G02 Affected: unspecified , < 20210209 (custom)
    Create a notification for this product.
    Weintek cMT-G03/G04 Affected: unspecified , < 20210222 (custom)
    Create a notification for this product.
    Weintek cMT3071/cMT3072/cMT3090/cMT3103/cMT3151 Affected: unspecified , < 20210218 (custom)
    Create a notification for this product.
    Weintek cMT-HDM Affected: unspecified , < 20210204 (custom)
    Create a notification for this product.
    Weintek cMT-FHD Affected: unspecified , < 20210208 (custom)
    Create a notification for this product.
    Weintek cMT-CTRL01 Affected: unspecified , < 20210302 (custom)
    Create a notification for this product.
    Date Public
    2021-03-23 00:00
    Credits
    Marcin Dudek from CERT.PL reported these vulnerabilities to CISA.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:48:17.243Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-27442",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-16T15:55:04.749781Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-16T16:21:32.645Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "cMT-SVR-1xx/2xx",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210305",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G01/G02",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210209",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-G03/G04",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210222",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210218",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-HDM",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210204",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-FHD",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210208",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "cMT-CTRL01",
              "vendor": "Weintek",
              "versions": [
                {
                  "lessThan": "20210302",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
            }
          ],
          "datePublic": "2021-03-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Cross-site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-16T17:13:17.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Weintek EasyWeb cMT Cross-site Scripting",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2021-03-23T17:00:00.000Z",
              "ID": "CVE-2021-27442",
              "STATE": "PUBLIC",
              "TITLE": "Weintek EasyWeb cMT Cross-site Scripting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "cMT-SVR-1xx/2xx",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210305"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G01/G02",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210209"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-G03/G04",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210222"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT3071/cMT3072/cMT3090/cMT3103/cMT3151",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210218"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-HDM",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210204"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-FHD",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210208"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "cMT-CTRL01",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "20210302"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Weintek"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Marcin Dudek from CERT.PL reported these vulnerabilities to CISA."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79: Cross-site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01",
                  "refsource": "MISC",
                  "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-082-01"
                },
                {
                  "name": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Weintek has released OS upgrades for the affected products. Refer to Weintek\u2019s Technical Notice regarding these vulnerabilities.\nhttps://www.weintek.com/globalw/Download/Download.aspx\nhttps://dl.weintek.com/public/Document/TEC/TEC21001E_cMT_EasyWeb_V1_Security_Issues.pdf"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2021-27442",
        "datePublished": "2022-05-16T17:13:17.743Z",
        "dateReserved": "2021-02-19T00:00:00.000Z",
        "dateUpdated": "2025-04-16T16:21:32.645Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }