CVE-2019-14927

HIGH EXPLOITED IN THE WILD

Mitsubishielectric Smartrtu Firmware < 2.02 - Missing Authentication

Title source: rule

Description

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data).

Exploits (1)

exploitdb WORKING POC

by xerubus · pythonwebappsphp

https://www.exploit-db.com/exploits/47234

View Code ZIP pw:eip

References (2)

[Third Party Advisory] https://www.mogozobo.com/

[Exploit, Third Party Advisory] https://www.mogozobo.com/?p=3593

Scores

CVSS v3 7.5

EPSS 0.2533

EPSS Percentile 96.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2019-12-17

InTheWild.io 2019-12-17

CWE

CWE-306 CWE-425

Status published

Products (2)

inea/me-rtu_firmware < 3.0

mitsubishielectric/smartrtu_firmware < 2.02

Published Oct 28, 2019

Tracked Since Feb 18, 2026