CVE-2019-14929
CRITICALMitsubishi Electric and INEA ME-RTU Firmware < 2.02 and < 3.0 - Unauthenticated Cleartext Password Exposure
Title source: llmDescription
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management on the RTU. An unauthenticated user can obtain the exposed password credentials to gain access to the following services: DDNS service, Mobile Network Provider, and OpenVPN service.
References (2)
Core 2
Core References
Third Party Advisory
https://www.mogozobo.com/
Exploit, Third Party Advisory
https://www.mogozobo.com/?p=3593
Scores
CVSS v3
9.8
EPSS
0.0215
EPSS Percentile
84.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-522
Status
published
Products (2)
inea/me-rtu_firmware
< 3.0
mitsubishielectric/smartrtu_firmware
< 2.02
Published
Oct 28, 2019
Tracked Since
Feb 18, 2026