Vulnerability Description
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishielectric | Smartrtu Firmware | <= 2.02 |
| Mitsubishielectric | Smartrtu | - |
| Inea | Me-Rtu Firmware | <= 3.0 |
| Inea | Me-Rtu | - |
Related Weaknesses (CWE)
References
- https://www.mogozobo.com/Third Party Advisory
- https://www.mogozobo.com/?p=3593ExploitThird Party Advisory
- https://www.mogozobo.com/Third Party Advisory
- https://www.mogozobo.com/?p=3593ExploitThird Party Advisory
FAQ
What is CVE-2019-14925?
CVE-2019-14925 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the f...
How severe is CVE-2019-14925?
CVE-2019-14925 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-14925?
Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Smartrtu Firmware, Mitsubishielectric Smartrtu, Inea Me-Rtu Firmware, Inea Me-Rtu.