CVE-2018-16061

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric SmartRTU (affected versions not specified)

Description The issue is related to the lack of protection for the web page structure in Mitsubishi Electric SmartRTU, allowing an attacker to conduct cross-site scripting attacks. This can be achieved by executing the login.php script with the username or PATH INFO parameters.

Recommendations For all affected versions, consider disabling access to the login.php script until a patch is available. Restrict input for the username parameter and PATH INFO to minimize the risk of exploitation. Avoid using the username parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.