CISA’s CSAF advisory for CVE-2025-14751 describes an authentication bypass in Weintek cMT X Series HMI EasyWeb Service. A low-privileged user can bypass account credentials without confirming the user’s current authentication state, which may lead to unauthorized privilege escalation. The advisory lists affected models including cMT3072XH, cMT3072XH(T), cMT-SVRX-820, and cMT-CTRL01, and provides vendor-fi [truncated]
CVE-2025-14750 is a HIGH-severity issue in Weintek’s cMT X Series HMI EasyWeb Service. According to CISA’s advisory published on 2026-01-22, the web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. A low-privileged user may be able to modify parameters and potentially manipulate account-level privileges. Weintek lists fixed versions [truncated]
