Vulnerability Description
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site scripting (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is SerialInitialModemString in the index.php page.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mitsubishielectric | Smartrtu Firmware | <= 2.02 |
| Mitsubishielectric | Smartrtu | - |
| Inea | Me-Rtu Firmware | <= 3.0 |
| Inea | Me-Rtu | - |
Related Weaknesses (CWE)
References
- https://www.mogozobo.com/ (Third Party Advisory)
- https://www.mogozobo.com/?p=3593 (Exploit, Third Party Advisory)
FAQ
What is CVE-2019-14928?
CVE-2019-14928 is a vulnerability with a CVSS score of 5.4 (MEDIUM). An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site scripting (XSS) vulnerabilities allow an attacker...
How severe is CVE-2019-14928?
CVE-2019-14928 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-14928?
Check the references section above for vendor advisories and patch information. Affected products include: Mitsubishielectric Smartrtu Firmware, Mitsubishielectric Smartrtu, Inea Me-Rtu Firmware, Inea Me-Rtu.