CVE-2019-14927

HIGH EXPLOITED IN THE WILD

Mitsubishi Electric and INEA ME-RTU Firmware < 2.02 and < 3.0 - Unauthenticated Sensitive Configuration Download

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2019-14927 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 1 public exploit from researchers including xerubus.

AI-analyzed exploit summary This exploit downloads the configuration file from Mitsubishi Electric smartRTU and INEA ME-RTU devices via an unauthenticated HTTP request to '/saveSettings.php'. The configuration file is saved locally as 'smartRTU_conf.xml'.

Description

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data).

Exploits (1)

exploitdb WORKING POC
by xerubus · pythonwebappsphp
https://www.exploit-db.com/exploits/47234

This exploit downloads the configuration file from Mitsubishi Electric smartRTU and INEA ME-RTU devices via an unauthenticated HTTP request to '/saveSettings.php'. The configuration file is saved locally as 'smartRTU_conf.xml'.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Mitsubishi Electric smartRTU (2.02) & INEA ME-RTU (3.0)
No auth needed
Prerequisites: Network access to the target device · Target device must be running vulnerable firmware
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory
https://www.mogozobo.com/
Exploit, Third Party Advisory
https://www.mogozobo.com/?p=3593

Scores

CVSS v3 7.5
EPSS 0.4185
EPSS Percentile 98.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2019-12-17
InTheWild.io 2019-12-17
CWE
CWE-306 CWE-425
Status published
Products (2)
inea/me-rtu_firmware < 3.0
mitsubishielectric/smartrtu_firmware < 2.02
Published Oct 28, 2019
Tracked Since Feb 18, 2026