INEA ME-RTU firmware vulnerabilities
7 known vulnerabilities affecting inea/me-rtu_firmware.
Total CVEs: 7
CISA KEV: 0
Public exploits: 2
Exploited in wild: 2
Severity breakdown: CRITICAL 4, HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2019-14931 | P1 | CRITICAL | CVSS 9.8 | CWE-78 | Exploited | PoC | ≤ 3.0 | 2019-10-28
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's system shell. Functionality in mobile.php pr
nvd
CVE-2019-14927 | P1 | HIGH | CVSS 7.5 | CWE-306 | Exploited | PoC | ≤ 3.0 | 2019-10-28
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data).
nvd
CVE-2019-14929 | P2 | CRITICAL | CVSS 9.8 | CWE-522 | ≤ 3.0 | 2019-10-28
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management on the RTU. An unauthenticated user can obtain the e
nvd
CVE-2019-14930 | P2 | CRITICAL | CVSS 9.8 | CWE-798 | ≤ 3.0 | 2019-10-28
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the accounts ineaadmin and mitsadmin are able to escalate privileges to r
nvd
CVE-2019-14926 | P3 | CRITICAL | CVSS 9.8 | CWE-798 | ≤ 3.0 | 2019-10-28
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with firmware updates. In other words, these devices use
nvd
CVE-2019-14928 | P3 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 3.0 | 2019-10-28
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is SerialInitialModemString in the index.php
nvd
CVE-2019-14925 | P3 | MEDIUM | CVSS 6.5 | CWE-276 | ≤ 3.0 | 2019-10-28
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permi
nvd