ByteOS Network

NVD Vulnerability Details :

CVE-2019-14930

Modified

Source-cve@mitre.org

Published At-28 Oct, 2019 | 13:15

Updated At-10 Sep, 2024 | 17:15

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the accounts ineaadmin and mitsadmin are able to escalate privileges to root without supplying a password due to insecure entries in /etc/sudoers on the RTU.)

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

Mitsubishi Electric Corporation

>>smartrtu_firmware>>Versions up to 2.02(inclusive)

cpe:2.3:o:mitsubishielectric:smartrtu_firmware:*:*:*:*:*:*:*:*

Mitsubishi Electric Corporation

>>smartrtu>>-

cpe:2.3:h:mitsubishielectric:smartrtu:-:*:*:*:*:*:*:*

inea>>me-rtu>>-

cpe:2.3:h:inea:me-rtu:-:*:*:*:*:*:*:*

inea>>me-rtu_firmware>>Versions up to 3.0(inclusive)

cpe:2.3:o:inea:me-rtu_firmware:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-798	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
https://www.mogozobo.com/	cve@mitre.org	Third Party Advisory
https://www.mogozobo.com/?p=3593	cve@mitre.org	Exploit Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History