PT-2019-13870 · Mitsubishi · Me-Rtu
Published
2019-10-28
·
Updated
2024-09-10
·
CVE-2019-14928
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Mitsubishi Electric Europe B.V. ME-RTU devices versions 2.02 and earlier
INEA ME-RTU devices versions 3.0 and earlier
Description
An issue allows an attacker to inject malicious code directly into the application through stored cross-site script (XSS) vulnerabilities. The
SerialInitialModemString variable in the "index.php" page is vulnerable to stored XSS.Recommendations
For Mitsubishi Electric Europe B.V. ME-RTU devices versions 2.02 and earlier, consider disabling access to the "index.php" page until a fix is available.
For INEA ME-RTU devices versions 3.0 and earlier, restrict input for the
SerialInitialModemString variable to prevent malicious code injection.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Me-Rtu