CVE-2019-14925

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
mitsubishielectricsmartrtu_firmware
𝑥
≤ 2.02
ineame-rtu_firmware
𝑥
≤ 3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.mogozobo.com/
https://www.mogozobo.com/?p=3593
https://www.mogozobo.com/
https://www.mogozobo.com/?p=3593