CVE-2019-14927
published 2019-10-28

Priority: P1, 82, high
CVSS 3.1 score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Exploit status: ITW (exploited in the wild); EXPLOIT; VulnCheck KEV
EPSS: 41.85% (98.5th percentile)

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data).

Affected (2 ranges)

Vendor             | Product                  | Version range | Fixed in
-------------------|--------------------------|---------------|---------
inea               | me-rtu_firmware          | <= 3.0        | (none listed)
mitsubishielectric | smartrtu_firmware        | <= 2.02       | (none listed)

Detection & IOCs (extracted from sources)

path: /saveSettings.php
filename: smartRTU_conf.xml
  • Detect unauthenticated HTTP GET requests to /saveSettings.php on ME-RTU devices; such a request triggers download of the device configuration file, which contains credentials.
  • Any HTTP 200 response from /saveSettings.php to an external or untrusted host indicates successful unauthenticated configuration exfiltration.
  • The downloaded configuration file is an XML document containing usernames, passwords, and other sensitive RTU data; monitor for outbound transfers of XML files from RTU devices.
  • Affected firmware versions are Mitsubishi Electric ME-RTU through 2.02 and INEA ME-RTU through 3.0; detections should be scoped to these device types.
  • The exploit requires no authentication: any unauthenticated HTTP GET to /saveSettings.php is sufficient to retrieve the full configuration.

CVSS provenance

Source    | Version | Score | Severity | Vector
----------|---------|-------|----------|-------
nvd       | v3.1    | 7.5   | HIGH     | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd       | v2.0    | 5.0   | MEDIUM   | AV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck |         | 7.5   | HIGH     |