An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.mogozobo.com/ | |
https://www.mogozobo.com/?p=3593 |
History
Tue, 10 Sep 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment. | An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment. |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-10-28T12:12:34
Updated: 2024-09-10T17:06:17.053677
Reserved: 2019-08-10T00:00:00
Link: CVE-2019-14925
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-10-28T13:15:10.600
Modified: 2024-11-21T04:27:41.697
Link: CVE-2019-14925
Redhat
No data.