Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-14925

Опубликовано: 28 окт. 2019
Источник: nvd
CVSS3: 6.5
CVSS2: 4
EPSS Низкий

Описание

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:mitsubishielectric:smartrtu_firmware:*:*:*:*:*:*:*:*
Версия до 2.02 (включая)
cpe:2.3:h:mitsubishielectric:smartrtu:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:inea:me-rtu_firmware:*:*:*:*:*:*:*:*
Версия до 3.0 (включая)
cpe:2.3:h:inea:me-rtu:-:*:*:*:*:*:*:*

EPSS

Процентиль: 50%
0.00266
Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-276

Связанные уязвимости

github логотип

GHSA-gqfm-cqpj-28j8

CVSS3: 6.5
github
больше 3 лет назад

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment.

EPSS

Процентиль: 50%
0.00266
Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-276