PT-2019-13869 · Mitsubishi · Me-Rtu
Published
2019-10-28
·
Updated
2024-09-10
·
CVE-2019-14927
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Mitsubishi Electric Europe B.V. ME-RTU devices versions 2.02 and earlier
INEA ME-RTU devices versions 3.0 and earlier
Description
An unauthenticated remote configuration download issue allows an attacker to download the smartRTU's configuration file, which contains sensitive data such as usernames, passwords, and other RTU data.
Recommendations
For Mitsubishi Electric Europe B.V. ME-RTU devices versions 2.02 and earlier, consider restricting access to the configuration download feature until a patch is available.
For INEA ME-RTU devices versions 3.0 and earlier, consider disabling remote configuration downloads as a temporary workaround until a fix is provided.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Me-Rtu