CVE-2019-14930
CRITICALMitsubishi Electric and INEA ME-RTU Firmware < 2.02 and < 3.0 - Use of Hard-coded Credentials
Title source: llmDescription
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the accounts ineaadmin and mitsadmin are able to escalate privileges to root without supplying a password due to insecure entries in /etc/sudoers on the RTU.)
References (2)
Core 2
Core References
Third Party Advisory
https://www.mogozobo.com/
Exploit, Third Party Advisory
https://www.mogozobo.com/?p=3593
Scores
CVSS v3
9.8
EPSS
0.0039
EPSS Percentile
60.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (2)
inea/me-rtu_firmware
< 3.0
mitsubishielectric/smartrtu_firmware
< 2.02
Published
Oct 28, 2019
Tracked Since
Feb 18, 2026