smartRTU
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-3128 | Cri | 0.64 | 9.8 | 0.00 | Aug 21, 2025 | A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS commands to disclose, tamper with, destroy or delete information in Mitsubishi Electric smartRTU, or cause a denial-of service condition on the product. | ||
| CVE-2018-16060 | 0.04 | — | 0.11 | Oct 15, 2021 | Mitsubishi Electric Europe B.V. SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI. | |||
| CVE-2018-16061 | 0.03 | — | 0.01 | Oct 15, 2021 | Mitsubishi Electric Europe B.V. SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php. |
- risk 0.64cvss 9.8epss 0.00
A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS commands to disclose, tamper with, destroy or delete information in Mitsubishi Electric smartRTU, or cause a denial-of service condition on the product.
- CVE-2018-16060Oct 15, 2021risk 0.04cvss —epss 0.11
Mitsubishi Electric Europe B.V. SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.
- CVE-2018-16061Oct 15, 2021risk 0.03cvss —epss 0.01
Mitsubishi Electric Europe B.V. SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php.