CVE-2018-16060

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric Europe B.V. SmartRTU devices (affected versions not specified)

Description The issue allows remote attackers to obtain sensitive information, including directory listings and source code, by making a direct request to the "/web" URI. This is a significant concern as it could potentially expose internal implementation details or sensitive data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the "/web" URI to minimize the risk of exploitation. Avoid using the "/web" URI in production environments until the issue is resolved.