CVE-2024-55022 is an authenticated command injection vulnerability identified in the Weintek cMT-3072XH2 easyweb interface version 2.1.53 running OS version 20231011. The vulnerability arises from improper input validation or sanitization of the HMI Name parameter, which is used in the human-machine interface configuration. An attacker with valid credentials can inject malicious commands through this parameter, leading to arbitrary command execution on the underlying operating system. This type of vulnerability is classified under CWE-94 (Improper Control of Generation of Code). The CVSS v3.1 base score of 8.8 reflects the high impact on confidentiality, integrity, and availability, combined with low attack complexity and no requirement for user interaction. The vulnerability scope is unchanged, meaning the impact is confined to the vulnerable component but can lead to full system compromise. Although no public exploits have been reported, the potential for damage in industrial environments is significant due to the critical role of HMIs in operational technology. The lack of available patches at the time of reporting necessitates immediate mitigation efforts by affected organizations.

The vulnerability allows authenticated attackers to execute arbitrary commands on the Weintek cMT-3072XH2 device, potentially leading to full system compromise. This can result in unauthorized disclosure of sensitive operational data, manipulation or disruption of industrial processes, and denial of service conditions. Given the device's role in industrial control systems, exploitation could cause physical damage, safety hazards, and operational downtime. The high CVSS score indicates severe consequences for confidentiality, integrity, and availability. Organizations relying on these HMIs for critical infrastructure or manufacturing automation face increased risk of targeted attacks, especially from threat actors aiming to disrupt industrial operations or conduct espionage. The absence of known exploits currently limits immediate widespread impact, but the vulnerability remains a significant risk if weaponized.

1. Immediately restrict access to the Weintek cMT-3072XH2 easyweb interface to trusted networks and users only, using network segmentation and firewall rules. 2. Enforce strong authentication mechanisms and regularly review user accounts to minimize the risk of credential compromise. 3. Monitor device logs and network traffic for unusual command execution patterns or unauthorized access attempts. 4. If possible, disable or limit the use of the HMI Name parameter or any configuration interfaces that accept user input until a patch is available. 5. Engage with Weintek support or vendors for updates or patches addressing this vulnerability and apply them as soon as they are released. 6. Implement application-layer filtering or intrusion detection/prevention systems capable of detecting command injection attempts targeting the HMI interface. 7. Conduct regular security assessments and penetration tests on industrial control devices to identify and remediate similar vulnerabilities proactively.