CVE-2024-55020
Weintek · cMT-3072XH2 (easyweb)
A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 allows attackers to execute arbitrary commands with root privileges.
Executive summary
Weintek cMT-3072XH2 human-machine interfaces (HMIs) carry a critical command injection flaw in the easyweb management interface that allows a remote attacker to gain full root access to the device.
Vulnerability
The DHCP activation feature of the easyweb interface passes request input into an operating-system command without sanitizing it. Because that component runs with root privileges, an attacker who can reach the web interface over the network can inject shell commands that execute as root on the HMI.
Business impact
With a CVSS base score of 9.8 (Critical), this vulnerability poses a severe risk to industrial control systems. An attacker with root on the HMI can alter what operators see and what the panel sends to connected controllers, disrupt industrial processes, exfiltrate sensitive configuration data, or use the device as a pivot point into the wider OT network.
Remediation
Immediate Action: Update the device firmware to the version Weintek has released to address this issue, and disable the easyweb interface wherever it is not required for daily operations.
Proactive Monitoring: Monitor network traffic for unusual outbound connections from the HMI, and review web access logs for shell metacharacters (such as ; | & ` $( and encoded newlines) in the parameters of DHCP-related requests, keeping in mind that attackers may percent-encode them once or twice to evade naive string matching.
Compensating Controls: Place HMIs on a dedicated VLAN and use a firewall to allow access to the web management interface only from authorized engineering workstations, denying it from the rest of the OT network and from any internet-facing segment.
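The log review described under Proactive Monitoring can be scripted. The following is an added example written for this page, not code from Weintek or from the advisory; it assumes an NCSA combined access-log format and a hypothetical /cgi-bin/dhcp.cgi endpoint with an iface parameter (the real easyweb log format and endpoint names are not documented here), and the log lines are constructed for the example. It percent-decodes each query parameter repeatedly so that double-encoded payloads are caught, and ranks DHCP-related requests carrying shell metacharacters above the same characters seen on other endpoints.

```python
import re
from urllib.parse import unquote, urlsplit, parse_qsl

# Constructed sample log lines in NCSA combined format (assumption: the
# device's real log format and endpoint names may differ).
SAMPLE_LOG = """\
10.0.5.20 - - [02/Dec/2024:08:14:03 +0000] "GET /cgi-bin/dhcp.cgi?iface=eth0&enable=1 HTTP/1.1" 200 312 "-" "Mozilla/5.0"
10.0.5.77 - - [02/Dec/2024:08:15:41 +0000] "GET /cgi-bin/dhcp.cgi?iface=eth0%3Bid%3E/tmp/x&enable=1 HTTP/1.1" 200 312 "-" "curl/8.4.0"
10.0.5.77 - - [02/Dec/2024:08:15:42 +0000] "POST /cgi-bin/dhcp.cgi HTTP/1.1" 200 98 "-" "curl/8.4.0"
10.0.5.20 - - [02/Dec/2024:08:16:10 +0000] "GET /cgi-bin/status.cgi?name=a%7Cb HTTP/1.1" 200 44 "-" "Mozilla/5.0"
10.0.5.77 - - [02/Dec/2024:08:17:05 +0000] "GET /cgi-bin/dhcp.cgi?iface=%2524%2528id%2529 HTTP/1.1" 200 312 "-" "curl/8.4.0"
"""

# Client IP, timestamp, method, request target and status from one log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Shell metacharacters that never belong in an interface name or DHCP option.
# CR/LF are included because CGI wrappers commonly hand values to /bin/sh -c.
META_RE = re.compile(r'[;|&`$()<>\n\r]')

# Requests to any path mentioning DHCP are the ones this advisory is about.
DHCP_PATH_RE = re.compile(r'dhcp', re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Percent-decode until the string stops changing (catches double encoding)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(target):
    """Return [(name, decoded_value)] for query parameters containing metacharacters."""
    query = urlsplit(target).query
    hits = []
    # parse_qsl decodes one layer; fully_decode strips any further layers.
    for name, value in parse_qsl(query, keep_blank_values=True):
        decoded = fully_decode(value)
        if META_RE.search(decoded):
            hits.append((name, decoded))
    return hits


def scan_access_log(text):
    """Scan access-log text and return findings ordered as they appear in the log."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line; skip rather than guess
        path = urlsplit(m['target']).path
        dhcp_related = bool(DHCP_PATH_RE.search(fully_decode(path)))
        hits = suspicious_params(m['target'])
        base = {'ip': m['ip'], 'ts': m['ts'], 'method': m['method'], 'path': path}
        if dhcp_related and hits:
            findings.append({**base, 'severity': 'high', 'params': hits})
        elif hits:
            # Same characters on a non-DHCP endpoint: worth a look, lower priority.
            findings.append({**base, 'severity': 'low', 'params': hits})
        elif dhcp_related and m['method'] == 'POST':
            # Access logs do not record POST bodies, so the payload cannot be
            # inspected here; flag it for review against proxy or packet captures.
            findings.append({**base, 'severity': 'review', 'params': []})
    return findings


if __name__ == '__main__':
    for f in scan_access_log(SAMPLE_LOG):
        print(f['severity'].upper(), f['ip'], f['ts'], f['method'], f['path'], f['params'])
```

Legitimate DHCP activation requests carry only interface names and option values, so any hit in the metacharacter class is worth an analyst's attention; the main blind spot is that a standard access log does not contain POST bodies, which is why POSTs to DHCP-related endpoints are surfaced separately for correlation with a proxy log or packet capture.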
Exploitation status
Public Exploit Available: No
Analyst recommendation
Command injection on an industrial HMI is a direct threat to physical safety and operational continuity. Apply the firmware update immediately, restrict the web management interface to trusted engineering hosts, and ensure these devices are never exposed directly to the public internet.