CVE-2019-14930

EUVD-2019-6028
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the accounts ineaadmin and mitsadmin are able to escalate privileges to root without supplying a password due to insecure entries in /etc/sudoers on the RTU.)
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
mitsubishielectricsmartrtu_firmware
𝑥
≤ 2.02
ineame-rtu_firmware
𝑥
≤ 3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.mogozobo.com/
https://www.mogozobo.com/?p=3593
https://www.mogozobo.com/
https://www.mogozobo.com/?p=3593