ICSA-21-082-01 · Published 2021-03-23 · View on CISA ICS-CERT ↗

Weintek EasyWeb cMT

CVSS 10.0 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to access sensitive information and execute arbitrary code to gain root privileges.

CVEs (3)

CVE-2021-27446 CVE-2021-27444 CVE-2021-27442

Remediations

Weintek has released OS upgrades for the affected products. Refer to Weintek's Technical Notice regarding these vulnerabilities.

Affected Vendors

Weintek

Affected Products (7)

Weintek · cMT-CTRL01 < 20210302

Weintek · cMT-SVR-1xx/2xx < 20210305

Weintek · cMT-G01/G02 < 20210209

Weintek · cMT-G03/G04 < 20210222

Weintek · cMT3071/cMT3072/cMT3090/cMT3103/cMT3151 < 20210218

Weintek · cMT-FHD < 20210208

Weintek · cMT-HDM < 20210204

Affected Sectors

Commercial Facilities, Water and Wastewater Systems

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more