CVE-2024-55027 identifies a security vulnerability in the Weintek cMT-3072XH2 easyweb device, specifically version 2.1.53 running OS version 20231011. The vulnerability arises from the device storing user credentials in plaintext within the uac_temp.db component, a database file used internally by the system. Storing credentials in plaintext means that anyone who can access this file can directly read usernames and passwords without needing to bypass encryption or hashing protections. This represents a critical failure in secure credential management practices. The vulnerability does not require user interaction to exploit but does require some level of access to the device’s file system or backup data. While no public exploits or active attacks have been reported, the exposure of plaintext credentials could allow attackers to escalate privileges, move laterally within networks, or disrupt industrial control processes. The affected device is commonly used in industrial automation and human-machine interface (HMI) applications, which are critical infrastructure components. The absence of a CVSS score limits formal severity classification, but the direct exposure of credentials is a serious security flaw. No patches or mitigations have been officially released at the time of this report, increasing the urgency for organizations to implement compensating controls.

The primary impact of this vulnerability is the compromise of confidentiality due to plaintext credential exposure. Attackers who gain access to the uac_temp.db file can harvest credentials, potentially allowing unauthorized access to the device and connected industrial control systems. This can lead to unauthorized command execution, data manipulation, or disruption of industrial processes, impacting operational integrity and availability. The vulnerability could facilitate lateral movement within industrial networks, increasing the risk of broader compromise. Organizations relying on Weintek cMT-3072XH2 devices in critical infrastructure sectors such as manufacturing, energy, and utilities face heightened risks of operational downtime, safety incidents, and financial losses. Additionally, regulatory compliance issues may arise from inadequate protection of authentication data. The lack of known exploits suggests limited current active threat but does not diminish the potential for future targeted attacks.

1. Immediately restrict access to the device’s file system and backup locations to trusted personnel only, using strong access controls and network segmentation. 2. Monitor and audit access logs for any unauthorized attempts to access the uac_temp.db file or related system components. 3. Implement network-level protections such as firewalls and intrusion detection systems to limit exposure of the device to untrusted networks. 4. If possible, disable or limit remote access features until a patch is available. 5. Contact Weintek support to inquire about official patches or firmware updates addressing this vulnerability and apply them promptly once released. 6. Consider encrypting backups and sensitive files containing authentication data as a temporary compensating control. 7. Educate operational technology (OT) staff about the risks of plaintext credential storage and enforce strong password policies. 8. Plan for credential rotation and device reconfiguration after patching to invalidate any potentially compromised credentials.