CVE-2019-14927

moderate-risk

Published 2019-10-28

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data).

Do I need to act?

25.3% chance of exploitation in next 30 days

EPSS score — higher than 75% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

47234

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (2)

Smartrtu Firmware

Me-Rtu Firmware

Affected Vendors

Mitsubishielectric Inea

References (4)

Third Party Advisory https://www.mogozobo.com/

Exploit https://www.mogozobo.com/?p=3593

Third Party Advisory https://www.mogozobo.com/

Exploit https://www.mogozobo.com/?p=3593

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 15/34 · Moderate

Exposure 7/34 · Low