CVE-2024-55027 identifies a critical security vulnerability in the Weintek cMT-3072XH2 easyweb version 2.1.53 running OS version 20231011. The vulnerability arises from the device storing user credentials in plaintext within the uac_temp.db database file. This insecure storage practice violates basic security principles and exposes sensitive authentication data to any attacker who can access this file remotely over the network. The vulnerability requires no authentication or user interaction, making it highly exploitable. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) indicates that an attacker can remotely access the plaintext credentials with low attack complexity and no privileges or user interaction needed. The impact is primarily on confidentiality, as attackers can retrieve credentials and potentially leverage them to gain unauthorized access to the device or connected systems. The vulnerability is categorized under CWE-798, which highlights the risk of storing credentials insecurely. Although no known exploits are currently in the wild and no patches have been released, the risk remains significant due to the ease of exploitation and the sensitive nature of the data exposed. The affected device is commonly used in industrial automation and HMI (Human Machine Interface) environments, where credential compromise can lead to broader operational security risks.

The primary impact of CVE-2024-55027 is the compromise of credential confidentiality, which can lead to unauthorized access to the Weintek cMT-3072XH2 device and potentially to connected industrial control systems. This can enable attackers to manipulate device configurations, disrupt industrial processes, or pivot to other networked systems, increasing the risk of operational disruption or espionage. Since the vulnerability requires no authentication or user interaction, it significantly lowers the barrier for attackers to exploit it remotely. Organizations relying on these devices for critical infrastructure or manufacturing automation face increased risk of data breaches and operational downtime. The lack of patches increases exposure time, and the plaintext storage of credentials may facilitate credential harvesting and lateral movement within networks. This vulnerability could also undermine trust in industrial automation security, especially in sectors where Weintek devices are prevalent.

1. Immediately restrict network access to the affected Weintek cMT-3072XH2 devices by implementing network segmentation and firewall rules to limit exposure to trusted management networks only. 2. Monitor network traffic for unauthorized access attempts to the device and the uac_temp.db file. 3. Use VPNs or secure tunnels for remote access to reduce risk of interception. 4. Regularly audit and rotate credentials used on these devices to minimize the impact of potential credential leakage. 5. Employ host-based intrusion detection systems (HIDS) to detect unauthorized file access or modifications. 6. Engage with Weintek support or vendors to obtain security advisories and patches as soon as they become available. 7. Consider deploying additional authentication layers or credential vaulting solutions if supported by the device or surrounding infrastructure. 8. Educate operational technology (OT) and IT teams about the risks of plaintext credential storage and the importance of secure credential management in industrial environments.