PT-2019-13871 · Mitsubishi · Me-Rtu
Published
2019-10-28
·
Updated
2024-09-10
·
CVE-2019-14929
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Mitsubishi Electric Europe B.V. ME-RTU devices versions 2.02 and earlier
INEA ME-RTU devices versions 3.0 and earlier
Description
An issue was discovered that allows an unauthenticated attacker to obtain configured username and password combinations due to weak credentials management. This could allow access to services such as DDNS, Mobile Network Provider, and OpenVPN.
Recommendations
For Mitsubishi Electric Europe B.V. ME-RTU devices versions 2.02 and earlier, consider restricting access to the affected services until a patch is available.
For INEA ME-RTU devices versions 3.0 and earlier, consider disabling the use of cleartext passwords for the affected services until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Me-Rtu