CVE-2019-14927

{"id": "CVE-2019-14927", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-10-28T13:15:10.773", "references": [{"url": "https://www.mogozobo.com/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.mogozobo.com/?p=3593", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}, {"lang": "en", "value": "CWE-425"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data)."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en los dispositivos Mitsubishi Electric ME-RTU versiones hasta la versi\u00f3n 2.02 y los dispositivos INEA ME-RTU versiones hasta la versi\u00f3n 3.0. Una vulnerabilidad de descarga de configuraci\u00f3n remota no autenticada permite a un atacante descargar el archivo de configuraci\u00f3n de smartRTU (que contiene datos como nombres de usuario, contrase\u00f1as y otros datos confidenciales de RTU)."}], "lastModified": "2024-09-10T17:15:14.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mitsubishielectric:smartrtu_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62D6CAA7-11E1-4DF2-A9BD-EC71AE7CD166", "versionEndIncluding": "2.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mitsubishielectric:smartrtu:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1EF90DA0-55C7-4765-9DEE-80145752961D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:inea:me-rtu_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDC6C049-B15B-4FC2-9DDF-915381E6D114", "versionEndIncluding": "3.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:inea:me-rtu:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FD7F8299-4A9C-4B93-A35A-68C6D43855CC"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}