Home›Brands›Weintek

Platform

Weintek

cMT and eMT series industrial HMI panels with EasyBuilder Pro for industrial visualization and SCADA.

https://www.weintek.com →

Total CVEs

Resources

CVEsCVEs SpecsTech Specs DocsTech Docs ImplImplementations ExamplesExamples

9 / 21

CVE-2024-55022HIGH

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter.

Mar 3, 2026

8.8

CVE-2023-50466HIGH

An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload into the HMI Name parameter.

Dec 19, 2023

8.8

CVE-2023-40145HIGH

In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.

Oct 19, 2023

8.8

CVE-2024-55027HIGH

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uac_temp.db.

Mar 3, 2026

7.5

CVE-2024-55021HIGH

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP protocol.

Mar 3, 2026

7.5

CVE-2024-55019HIGH

Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attack to download arbitrary files.

Mar 3, 2026

7.5

CVE-2023-34429HIGH

Weintek Weincloud v0.13.6 could allow an attacker to cause a denial-of-service condition for Weincloud by sending a forged JWT token.

Jul 19, 2023

7.5

CVE-2023-35134HIGH

Weintek Weincloud v0.13.6 could allow an attacker to reset a password with the corresponding account’s JWT token only.

Jul 19, 2023

7.4

CVE-2023-37362HIGH

Weintek Weincloud v0.13.6 could allow an attacker to abuse the registration functionality to login with testing credentials to the official website.

Jul 19, 2023

7.2

CVE ID ⇅	Severity ↓	CVSS ⇅	Description	Published ⇅
CVE-2024-55022	HIGH	8.8	Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command…	Mar 3, 2026	›
CVE-2023-50466	HIGH	8.8	An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS …	Dec 19, 2023	›
CVE-2023-40145	HIGH	8.8	In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary comman…	Oct 19, 2023	›
CVE-2024-55027	HIGH	7.5	Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext i…	Mar 3, 2026	›
CVE-2024-55021	HIGH	7.5	Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in …	Mar 3, 2026	›
CVE-2024-55019	HIGH	7.5	Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version…	Mar 3, 2026	›
CVE-2023-34429	HIGH	7.5	Weintek Weincloud v0.13.6 could allow an attacker to cause a denial-of-service condition for …	Jul 19, 2023	›
CVE-2023-35134	HIGH	7.4	Weintek Weincloud v0.13.6 could allow an attacker to reset a password with the corresponding ac…	Jul 19, 2023	›
CVE-2023-37362	HIGH	7.2	Weintek Weincloud v0.13.6 could allow an attacker to abuse the registration functionality to log…	Jul 19, 2023	›

9 / 21

CVE-2024-55022HIGH

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter.

Mar 3, 2026

8.8

CVE-2023-50466HIGH

Dec 19, 2023

8.8

CVE-2023-40145HIGH

In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.

Oct 19, 2023

8.8

CVE-2024-55027HIGH

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uac_temp.db.

Mar 3, 2026

7.5

CVE-2024-55021HIGH

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP protocol.

Mar 3, 2026

7.5

CVE-2024-55019HIGH

Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attack to download arbitrary files.

Mar 3, 2026

7.5

CVE-2023-34429HIGH

Weintek Weincloud v0.13.6 could allow an attacker to cause a denial-of-service condition for Weincloud by sending a forged JWT token.

Jul 19, 2023

7.5

CVE-2023-35134HIGH

Weintek Weincloud v0.13.6 could allow an attacker to reset a password with the corresponding account’s JWT token only.

Jul 19, 2023

7.4

CVE-2023-37362HIGH

Weintek Weincloud v0.13.6 could allow an attacker to abuse the registration functionality to login with testing credentials to the official website.

Jul 19, 2023

7.2

CVE ID ⇅	Severity ↓	CVSS ⇅	Description	Published ⇅
CVE-2024-55022	HIGH	8.8	Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command…	Mar 3, 2026	›
CVE-2023-50466	HIGH	8.8	An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS …	Dec 19, 2023	›
CVE-2023-40145	HIGH	8.8	In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary comman…	Oct 19, 2023	›
CVE-2024-55027	HIGH	7.5	Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext i…	Mar 3, 2026	›
CVE-2024-55021	HIGH	7.5	Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in …	Mar 3, 2026	›
CVE-2024-55019	HIGH	7.5	Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version…	Mar 3, 2026	›
CVE-2023-34429	HIGH	7.5	Weintek Weincloud v0.13.6 could allow an attacker to cause a denial-of-service condition for …	Jul 19, 2023	›
CVE-2023-35134	HIGH	7.4	Weintek Weincloud v0.13.6 could allow an attacker to reset a password with the corresponding ac…	Jul 19, 2023	›
CVE-2023-37362	HIGH	7.2	Weintek Weincloud v0.13.6 could allow an attacker to abuse the registration functionality to log…	Jul 19, 2023	›