CVE-2019-14925

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment.
References
Link Resource
https://www.mogozobo.com/ Third Party Advisory
https://www.mogozobo.com/?p=3593 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:h:mitsubishielectric:smartrtu:-:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishielectric:smartrtu_firmware:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:h:inea:me-rtu:-:*:*:*:*:*:*:*
cpe:2.3:o:inea:me-rtu_firmware:*:*:*:*:*:*:*:*

History

10 Sep 2024, 17:15

Type Values Removed Values Added
Summary (en) An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment. (en) An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment.

Information

Published : 2019-10-28 13:15

Updated : 2024-09-10 17:15


NVD link : CVE-2019-14925

Mitre link : CVE-2019-14925

CVE.ORG link : CVE-2019-14925


JSON object : View

Products Affected

inea

  • me-rtu
  • me-rtu_firmware

mitsubishielectric

  • smartrtu_firmware
  • smartrtu
CWE
CWE-276

Incorrect Default Permissions