CVE-2019-14927
Published 2019-10-28
Priority P1 82 · high · 7.5 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ITW · Exploit · VulnCheck KEV
Exploited in the wild
EPSS: 41.85% (98.5th percentile)
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data).
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| inea | me-rtu_firmware | <= 3.0 | — |
| mitsubishielectric | smartrtu_firmware | <= 2.02 | — |
Detection & IOCs (extracted from sources)
- Detect unauthenticated HTTP GET requests to /saveSettings.php on ME-RTU devices, which trigger download of the device configuration file containing credentials.
- Any HTTP 200 response from /saveSettings.php to an external/untrusted host indicates successful unauthenticated configuration exfiltration.
- The downloaded configuration file is an XML document containing usernames, passwords, and other sensitive RTU data; monitor for outbound transfers of XML files from RTU devices.
- Affected firmware versions are Mitsubishi Electric ME-RTU through 2.02 and INEA ME-RTU through 3.0; detections should be scoped to these device types.
- The exploit requires no authentication; any unauthenticated HTTP GET to /saveSettings.php is sufficient to retrieve the full configuration.
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vulncheck | | 7.5 | HIGH | |
GHSA
GHSA-xp5g-v8fx-97mv · ghsa_unreviewed · 2022-05-24 · CVE-2019-14927 [HIGH] · CWE-200
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data).
VulnCheck
mitsubishielectric smartrtu_firmware: Missing Authentication for Critical Function · vulncheck · 2019 · CVE-2019-14927 [HIGH] · CVSS 7.5
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data).
Affected: mitsubishielectric smartrtu_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.f5.com/labs/articles/threat-intelligence/echobot-malware-now-up-to-71-exploits--targeting-scada; https://www.researchgate.net/publication/34
CISA ICS
Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU · cisa_ics · 2019-09-10 · [HIGH] · CVSS 7.5
ICS Advisory (archived content: CISA notes that the archive contains outdated information that may not reflect current policy or programs)
Last Revised: September 09, 2021
Alert Code: ICSA-21-252-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Mitsubishi Electric Europe B.V.
- Equipment: smartRTU and INEA ME-RTU
- Vulnerabilities: OS Command Injection, Improper Access Control, Cross-site Scripting, Use of Hard-coded Credentials, Unprotected Storage of Credentials, Incorrect Default Permissions
## 2. REPOSTED INFORMATION
This advisory is a follow-up to a CISA product update titled ICS-ALERT-19-225-01
No detection rules found.
No writeups or analysis indexed.