Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-14930

Опубликовано: 28 окт. 2019
Источник: nvd
CVSS3: 9.8
CVSS2: 10
EPSS Низкий

Описание

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the accounts ineaadmin and mitsadmin are able to escalate privileges to root without supplying a password due to insecure entries in /etc/sudoers on the RTU.)

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:mitsubishielectric:smartrtu_firmware:*:*:*:*:*:*:*:*
Версия до 2.02 (включая)
cpe:2.3:h:mitsubishielectric:smartrtu:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:inea:me-rtu_firmware:*:*:*:*:*:*:*:*
Версия до 3.0 (включая)
cpe:2.3:h:inea:me-rtu:-:*:*:*:*:*:*:*

EPSS

Процентиль: 59%
0.00389
Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-798

Связанные уязвимости

github логотип

GHSA-xwpv-xmw2-88gc

CVSS3: 9.8
github
около 3 лет назад

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the accounts ineaadmin and mitsadmin are able to escalate privileges to root without supplying a password due to insecure entries in /etc/sudoers on the RTU.)

EPSS

Процентиль: 59%
0.00389
Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-798