CVE-2019-14928

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is SerialInitialModemString in the index.php page.
References
Link Resource
https://www.mogozobo.com/ Third Party Advisory
https://www.mogozobo.com/?p=3593 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:h:mitsubishielectric:smartrtu:-:*:*:*:*:*:*:*
cpe:2.3:o:mitsubishielectric:smartrtu_firmware:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:h:inea:me-rtu:-:*:*:*:*:*:*:*
cpe:2.3:o:inea:me-rtu_firmware:*:*:*:*:*:*:*:*

History

10 Sep 2024, 18:15

Type Values Removed Values Added
Summary (en) An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is SerialInitialModemString in the index.php page. (en) An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is SerialInitialModemString in the index.php page.

Information

Published : 2019-10-28 13:15

Updated : 2024-09-10 18:15


NVD link : CVE-2019-14928

Mitre link : CVE-2019-14928

CVE.ORG link : CVE-2019-14928


JSON object : View

Products Affected

inea

  • me-rtu_firmware
  • me-rtu

mitsubishielectric

  • smartrtu
  • smartrtu_firmware
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')