CVE-2019-14925
MEDIUMMitsubishielectric Smartrtu Firmware - Incorrect Default Permissions
Title source: ruleDescription
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment.
References (2)
Core 2
Core References
Third Party Advisory
https://www.mogozobo.com/
Exploit, Third Party Advisory
https://www.mogozobo.com/?p=3593
Scores
CVSS v3
6.5
EPSS
0.0027
EPSS Percentile
50.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-276
Status
published
Products (2)
inea/me-rtu_firmware
< 3.0
mitsubishielectric/smartrtu_firmware
< 2.02
Published
Oct 28, 2019
Tracked Since
Feb 18, 2026