VYPR

ME-RTU

by Mitsubishielectric

CVEs (7)

  • CVE-2019-14931CriOct 28, 2019
    risk 0.71cvss 9.8epss 0.58

    An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user…

  • CVE-2019-14930CriOct 28, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the…

  • CVE-2019-14929CriOct 28, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak…

  • CVE-2019-14926CriOct 28, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial…

  • CVE-2019-14927HigOct 28, 2019
    risk 0.55cvss 7.5epss 0.42

    An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such…

  • CVE-2019-14925MedOct 28, 2019
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as…

  • CVE-2019-14928MedOct 28, 2019
    risk 0.39cvss 5.4epss 0.44

    An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input…