Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-14929

Опубликовано: 28 окт. 2019
Источник: nvd
CVSS3: 9.8
CVSS2: 5
EPSS Низкий

Описание

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management on the RTU. An unauthenticated user can obtain the exposed password credentials to gain access to the following services: DDNS service, Mobile Network Provider, and OpenVPN service.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:mitsubishielectric:smartrtu_firmware:*:*:*:*:*:*:*:*
Версия до 2.02 (включая)
cpe:2.3:h:mitsubishielectric:smartrtu:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:inea:me-rtu_firmware:*:*:*:*:*:*:*:*
Версия до 3.0 (включая)
cpe:2.3:h:inea:me-rtu:-:*:*:*:*:*:*:*

EPSS

Процентиль: 84%
0.0215
Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-522

Связанные уязвимости

github логотип

GHSA-9r4h-2cr5-xvhv

CVSS3: 9.8
github
больше 3 лет назад

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management on the RTU. An unauthenticated user can obtain the exposed password credentials to gain access to the following services: DDNS service, Mobile Network Provider, and OpenVPN service.

EPSS

Процентиль: 84%
0.0215
Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-522