Vulnerabilites related to mitsubishielectric - smartrtu_firmware
cve-2019-14929
Vulnerability from cvelistv5
Published
2019-10-28 12:11
Modified
2024-09-10 17:11
Severity ?
EPSS score ?
Summary
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management on the RTU. An unauthenticated user can obtain the exposed password credentials to gain access to the following services: DDNS service, Mobile Network Provider, and OpenVPN service.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T00:34:51.767Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.mogozobo.com/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.mogozobo.com/?p=3593", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management on the RTU. An unauthenticated user can obtain the exposed password credentials to gain access to the following services: DDNS service, Mobile Network Provider, and OpenVPN service.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T17:11:52.794131", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.mogozobo.com/", }, { url: "https://www.mogozobo.com/?p=3593", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-14929", datePublished: "2019-10-28T12:11:44", dateReserved: "2019-08-10T00:00:00", dateUpdated: "2024-09-10T17:11:52.794131", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-14926
Vulnerability from cvelistv5
Published
2019-10-28 12:10
Modified
2024-09-10 17:08
Severity ?
EPSS score ?
Summary
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with firmware updates. In other words, these devices use private-key values in /etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_ecdsa_key, and /etc/ssh/ssh_host_dsa_key files that are publicly available from the vendor web sites.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T00:34:51.746Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.mogozobo.com/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.mogozobo.com/?p=3593", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with firmware updates. In other words, these devices use private-key values in /etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_ecdsa_key, and /etc/ssh/ssh_host_dsa_key files that are publicly available from the vendor web sites.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T17:08:12.590855", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.mogozobo.com/", }, { url: "https://www.mogozobo.com/?p=3593", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-14926", datePublished: "2019-10-28T12:10:13", dateReserved: "2019-08-10T00:00:00", dateUpdated: "2024-09-10T17:08:12.590855", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-14928
Vulnerability from cvelistv5
Published
2019-10-28 12:09
Modified
2024-09-10 17:10
Severity ?
EPSS score ?
Summary
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is SerialInitialModemString in the index.php page.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T00:34:52.601Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.mogozobo.com/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.mogozobo.com/?p=3593", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is SerialInitialModemString in the index.php page.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T17:10:56.429899", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.mogozobo.com/", }, { url: "https://www.mogozobo.com/?p=3593", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-14928", datePublished: "2019-10-28T12:09:14", dateReserved: "2019-08-10T00:00:00", dateUpdated: "2024-09-10T17:10:56.429899", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-14931
Vulnerability from cvelistv5
Published
2019-10-28 12:07
Modified
2024-09-10 17:04
Severity ?
EPSS score ?
Summary
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's system shell. Functionality in mobile.php provides users with the ability to ping sites or IP addresses via Mobile Connection Test. When the Mobile Connection Test is submitted, action.php is called to execute the test. An attacker can use a shell command separator (;) in the host variable to execute operating system commands upon submitting the test data.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T00:34:52.474Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.mogozobo.com/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.mogozobo.com/?p=3593", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's system shell. Functionality in mobile.php provides users with the ability to ping sites or IP addresses via Mobile Connection Test. When the Mobile Connection Test is submitted, action.php is called to execute the test. An attacker can use a shell command separator (;) in the host variable to execute operating system commands upon submitting the test data.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T17:04:23.308312", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.mogozobo.com/", }, { url: "https://www.mogozobo.com/?p=3593", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-14931", datePublished: "2019-10-28T12:07:23", dateReserved: "2019-08-10T00:00:00", dateUpdated: "2024-09-10T17:04:23.308312", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-14925
Vulnerability from cvelistv5
Published
2019-10-28 12:12
Modified
2024-09-10 17:06
Severity ?
EPSS score ?
Summary
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T00:34:52.973Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.mogozobo.com/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.mogozobo.com/?p=3593", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T17:06:17.053677", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.mogozobo.com/", }, { url: "https://www.mogozobo.com/?p=3593", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-14925", datePublished: "2019-10-28T12:12:34", dateReserved: "2019-08-10T00:00:00", dateUpdated: "2024-09-10T17:06:17.053677", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-14930
Vulnerability from cvelistv5
Published
2019-10-28 12:10
Modified
2024-09-10 17:02
Severity ?
EPSS score ?
Summary
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the accounts ineaadmin and mitsadmin are able to escalate privileges to root without supplying a password due to insecure entries in /etc/sudoers on the RTU.)
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T00:34:52.518Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.mogozobo.com/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.mogozobo.com/?p=3593", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the accounts ineaadmin and mitsadmin are able to escalate privileges to root without supplying a password due to insecure entries in /etc/sudoers on the RTU.)", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T17:02:59.676467", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.mogozobo.com/", }, { url: "https://www.mogozobo.com/?p=3593", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-14930", datePublished: "2019-10-28T12:10:55", dateReserved: "2019-08-10T00:00:00", dateUpdated: "2024-09-10T17:02:59.676467", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-16060
Vulnerability from cvelistv5
Published
2021-10-15 19:04
Modified
2024-09-11 14:16
Severity ?
EPSS score ?
Summary
Mitsubishi Electric Europe B.V. SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T10:10:05.835Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://drive.google.com/open?id=1QMHwTnBbIqrTkR0NEpnTKssYdi8vRsHH", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/164538/Mitsubishi-Electric-INEA-SmartRTU-Source-Code-Disclosure.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2018-16060", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-11T14:16:36.697589Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-11T14:16:49.445Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Mitsubishi Electric Europe B.V. SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T17:00:08.334269", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://drive.google.com/open?id=1QMHwTnBbIqrTkR0NEpnTKssYdi8vRsHH", }, { url: "http://packetstormsecurity.com/files/164538/Mitsubishi-Electric-INEA-SmartRTU-Source-Code-Disclosure.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-16060", datePublished: "2021-10-15T19:04:21", dateReserved: "2018-08-28T00:00:00", dateUpdated: "2024-09-11T14:16:49.445Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-16061
Vulnerability from cvelistv5
Published
2021-10-15 19:04
Modified
2024-09-11 14:15
Severity ?
EPSS score ?
Summary
Mitsubishi Electric Europe B.V. SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T10:10:05.735Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://drive.google.com/open?id=1DEZQqfpIgcflY2cF6O0y7vtlWYe8Wjjv", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/164537/Mitsubishi-Electric-INEA-SmartRTU-Cross-Site-Scripting.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2018-16061", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-11T14:11:51.263415Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-11T14:15:21.830Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Mitsubishi Electric Europe B.V. SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T17:01:21.915064", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://drive.google.com/open?id=1DEZQqfpIgcflY2cF6O0y7vtlWYe8Wjjv", }, { url: "http://packetstormsecurity.com/files/164537/Mitsubishi-Electric-INEA-SmartRTU-Cross-Site-Scripting.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-16061", datePublished: "2021-10-15T19:04:31", dateReserved: "2018-08-28T00:00:00", dateUpdated: "2024-09-11T14:15:21.830Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-14927
Vulnerability from cvelistv5
Published
2019-10-28 12:08
Modified
2024-09-10 17:10
Severity ?
EPSS score ?
Summary
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data).
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T00:34:52.311Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.mogozobo.com/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.mogozobo.com/?p=3593", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T17:10:01.107018", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.mogozobo.com/", }, { url: "https://www.mogozobo.com/?p=3593", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-14927", datePublished: "2019-10-28T12:08:22", dateReserved: "2019-08-10T00:00:00", dateUpdated: "2024-09-10T17:10:01.107018", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2019-10-28 13:15
Modified
2024-11-21 04:27
Severity ?
Summary
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.mogozobo.com/ | Third Party Advisory | |
| cve@mitre.org | https://www.mogozobo.com/?p=3593 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mogozobo.com/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mogozobo.com/?p=3593 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | smartrtu_firmware | * | |
| mitsubishielectric | smartrtu | - | |
| inea | me-rtu_firmware | * | |
| inea | me-rtu | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:mitsubishielectric:smartrtu_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "62D6CAA7-11E1-4DF2-A9BD-EC71AE7CD166", versionEndIncluding: "2.02", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mitsubishielectric:smartrtu:-:*:*:*:*:*:*:*", matchCriteriaId: "1EF90DA0-55C7-4765-9DEE-80145752961D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:inea:me-rtu_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DDC6C049-B15B-4FC2-9DDF-915381E6D114", versionEndIncluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:inea:me-rtu:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7F8299-4A9C-4B93-A35A-68C6D43855CC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment.", }, { lang: "es", value: "Se descubrió un problema en los dispositivos Mitsubishi Electric ME-RTU versiones hasta la versión 2.02 y los dispositivos INEA ME-RTU versiones hasta la versión 3.0. Un archivo de configuración /usr/smartrtu/init/settings.xml de tipo world-readable en el sistema de archivos le permite al atacante leer ajustes de configuración confidencial tales como nombres de usuario, contraseñas y otros datos confidenciales de la RTU debido a una asignación de permisos no seguros.", }, ], id: "CVE-2019-14925", lastModified: "2024-11-21T04:27:41.697", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-28T13:15:10.600", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.mogozobo.com/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.mogozobo.com/?p=3593", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.mogozobo.com/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.mogozobo.com/?p=3593", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-276", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-28 13:15
Modified
2024-11-21 04:27
Severity ?
Summary
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.mogozobo.com/ | Third Party Advisory | |
| cve@mitre.org | https://www.mogozobo.com/?p=3593 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mogozobo.com/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mogozobo.com/?p=3593 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | smartrtu_firmware | * | |
| mitsubishielectric | smartrtu | - | |
| inea | me-rtu_firmware | * | |
| inea | me-rtu | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:mitsubishielectric:smartrtu_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "62D6CAA7-11E1-4DF2-A9BD-EC71AE7CD166", versionEndIncluding: "2.02", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mitsubishielectric:smartrtu:-:*:*:*:*:*:*:*", matchCriteriaId: "1EF90DA0-55C7-4765-9DEE-80145752961D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:inea:me-rtu_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DDC6C049-B15B-4FC2-9DDF-915381E6D114", versionEndIncluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:inea:me-rtu:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7F8299-4A9C-4B93-A35A-68C6D43855CC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data).", }, { lang: "es", value: "Se descubrió un problema en los dispositivos Mitsubishi Electric ME-RTU versiones hasta la versión 2.02 y los dispositivos INEA ME-RTU versiones hasta la versión 3.0. Una vulnerabilidad de descarga de configuración remota no autenticada permite a un atacante descargar el archivo de configuración de smartRTU (que contiene datos como nombres de usuario, contraseñas y otros datos confidenciales de RTU).", }, ], id: "CVE-2019-14927", lastModified: "2024-11-21T04:27:41.993", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-28T13:15:10.773", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.mogozobo.com/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.mogozobo.com/?p=3593", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.mogozobo.com/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.mogozobo.com/?p=3593", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-306", }, { lang: "en", value: "CWE-425", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-28 13:15
Modified
2024-11-21 04:27
Severity ?
Summary
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is SerialInitialModemString in the index.php page.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.mogozobo.com/ | Third Party Advisory | |
| cve@mitre.org | https://www.mogozobo.com/?p=3593 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mogozobo.com/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mogozobo.com/?p=3593 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | smartrtu_firmware | * | |
| mitsubishielectric | smartrtu | - | |
| inea | me-rtu_firmware | * | |
| inea | me-rtu | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:mitsubishielectric:smartrtu_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "62D6CAA7-11E1-4DF2-A9BD-EC71AE7CD166", versionEndIncluding: "2.02", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mitsubishielectric:smartrtu:-:*:*:*:*:*:*:*", matchCriteriaId: "1EF90DA0-55C7-4765-9DEE-80145752961D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:inea:me-rtu_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DDC6C049-B15B-4FC2-9DDF-915381E6D114", versionEndIncluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:inea:me-rtu:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7F8299-4A9C-4B93-A35A-68C6D43855CC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is SerialInitialModemString in the index.php page.", }, { lang: "es", value: "Se descubrió un problema en los dispositivos Mitsubishi Electric ME-RTU versiones hasta la verisón 2.02 y los dispositivos INEA ME-RTU versiones hasta la versión 3.0. Una serie de vulnerabilidades de tipo cross-site script (XSS) almacenado permiten a un atacante inyectar código malicioso directamente en la aplicación. Un ejemplo de variable de entrada vulnerable a XSS almacenado es SerialInitialModemString en la página del archivo index.php.", }, ], id: "CVE-2019-14928", lastModified: "2024-11-21T04:27:42.147", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-28T13:15:10.837", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.mogozobo.com/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.mogozobo.com/?p=3593", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.mogozobo.com/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.mogozobo.com/?p=3593", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-10-15 20:15
Modified
2024-11-21 03:52
Severity ?
Summary
Mitsubishi Electric Europe B.V. SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/164538/Mitsubishi-Electric-INEA-SmartRTU-Source-Code-Disclosure.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://drive.google.com/open?id=1QMHwTnBbIqrTkR0NEpnTKssYdi8vRsHH | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/164538/Mitsubishi-Electric-INEA-SmartRTU-Source-Code-Disclosure.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://drive.google.com/open?id=1QMHwTnBbIqrTkR0NEpnTKssYdi8vRsHH | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | smartrtu_firmware | - | |
| mitsubishielectric | smartrtu | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:mitsubishielectric:smartrtu_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FC7E0EA8-7CB5-4F64-93D0-849B21863342", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mitsubishielectric:smartrtu:-:*:*:*:*:*:*:*", matchCriteriaId: "1EF90DA0-55C7-4765-9DEE-80145752961D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mitsubishi Electric Europe B.V. SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.", }, { lang: "es", value: "Los dispositivos Mitsubishi Electric SmartRTU permiten a atacantes remotos conseguir información confidencial (listado de directorios y código fuente) por medio de una petición directa al URI /web", }, ], id: "CVE-2018-16060", lastModified: "2024-11-21T03:52:01.330", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-10-15T20:15:07.670", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "http://packetstormsecurity.com/files/164538/Mitsubishi-Electric-INEA-SmartRTU-Source-Code-Disclosure.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://drive.google.com/open?id=1QMHwTnBbIqrTkR0NEpnTKssYdi8vRsHH", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "http://packetstormsecurity.com/files/164538/Mitsubishi-Electric-INEA-SmartRTU-Source-Code-Disclosure.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://drive.google.com/open?id=1QMHwTnBbIqrTkR0NEpnTKssYdi8vRsHH", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-425", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-28 13:15
Modified
2024-11-21 04:27
Severity ?
Summary
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the accounts ineaadmin and mitsadmin are able to escalate privileges to root without supplying a password due to insecure entries in /etc/sudoers on the RTU.)
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.mogozobo.com/ | Third Party Advisory | |
| cve@mitre.org | https://www.mogozobo.com/?p=3593 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mogozobo.com/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mogozobo.com/?p=3593 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | smartrtu_firmware | * | |
| mitsubishielectric | smartrtu | - | |
| inea | me-rtu_firmware | * | |
| inea | me-rtu | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:mitsubishielectric:smartrtu_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "62D6CAA7-11E1-4DF2-A9BD-EC71AE7CD166", versionEndIncluding: "2.02", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mitsubishielectric:smartrtu:-:*:*:*:*:*:*:*", matchCriteriaId: "1EF90DA0-55C7-4765-9DEE-80145752961D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:inea:me-rtu_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DDC6C049-B15B-4FC2-9DDF-915381E6D114", versionEndIncluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:inea:me-rtu:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7F8299-4A9C-4B93-A35A-68C6D43855CC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the accounts ineaadmin and mitsadmin are able to escalate privileges to root without supplying a password due to insecure entries in /etc/sudoers on the RTU.)", }, { lang: "es", value: "Se descubrió un problema en los dispositivos Mitsubishi Electric ME-RTU versiones hasta la versión 2.02 y los dispositivos INEA ME-RTU versiones hasta 3.0. Las contraseñas de usuario embebidas no documentadas para root, ineaadmin, mitsadmin y maint podrían permitir a un atacante conseguir acceso no autorizado a la RTU. (Además, las cuentas ineaadmin y mitsadmin pueden escalar privilegios a root sin suministrar una contraseña debido a entradas no seguras en /etc/sudoers en la RTU).", }, ], id: "CVE-2019-14930", lastModified: "2024-11-21T04:27:42.437", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-28T13:15:10.993", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.mogozobo.com/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.mogozobo.com/?p=3593", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.mogozobo.com/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.mogozobo.com/?p=3593", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-798", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-10-15 20:15
Modified
2024-11-21 03:52
Severity ?
Summary
Mitsubishi Electric Europe B.V. SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/164537/Mitsubishi-Electric-INEA-SmartRTU-Cross-Site-Scripting.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://drive.google.com/open?id=1DEZQqfpIgcflY2cF6O0y7vtlWYe8Wjjv | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/164537/Mitsubishi-Electric-INEA-SmartRTU-Cross-Site-Scripting.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://drive.google.com/open?id=1DEZQqfpIgcflY2cF6O0y7vtlWYe8Wjjv | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | smartrtu_firmware | - | |
| mitsubishielectric | smartrtu | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:mitsubishielectric:smartrtu_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "FC7E0EA8-7CB5-4F64-93D0-849B21863342", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mitsubishielectric:smartrtu:-:*:*:*:*:*:*:*", matchCriteriaId: "1EF90DA0-55C7-4765-9DEE-80145752961D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Mitsubishi Electric Europe B.V. SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php.", }, { lang: "es", value: "Los dispositivos Mitsubishi Electric SmartRTU permiten un ataque de tipo XSS por medio del parámetro username o PATH_INFO a el archivo login.php", }, ], id: "CVE-2018-16061", lastModified: "2024-11-21T03:52:01.507", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-10-15T20:15:07.720", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "http://packetstormsecurity.com/files/164537/Mitsubishi-Electric-INEA-SmartRTU-Cross-Site-Scripting.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://drive.google.com/open?id=1DEZQqfpIgcflY2cF6O0y7vtlWYe8Wjjv", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "http://packetstormsecurity.com/files/164537/Mitsubishi-Electric-INEA-SmartRTU-Cross-Site-Scripting.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://drive.google.com/open?id=1DEZQqfpIgcflY2cF6O0y7vtlWYe8Wjjv", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-28 13:15
Modified
2024-11-21 04:27
Severity ?
Summary
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with firmware updates. In other words, these devices use private-key values in /etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_ecdsa_key, and /etc/ssh/ssh_host_dsa_key files that are publicly available from the vendor web sites.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.mogozobo.com/ | Third Party Advisory | |
| cve@mitre.org | https://www.mogozobo.com/?p=3593 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mogozobo.com/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mogozobo.com/?p=3593 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | smartrtu_firmware | * | |
| mitsubishielectric | smartrtu | - | |
| inea | me-rtu_firmware | * | |
| inea | me-rtu | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:mitsubishielectric:smartrtu_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "62D6CAA7-11E1-4DF2-A9BD-EC71AE7CD166", versionEndIncluding: "2.02", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mitsubishielectric:smartrtu:-:*:*:*:*:*:*:*", matchCriteriaId: "1EF90DA0-55C7-4765-9DEE-80145752961D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:inea:me-rtu_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DDC6C049-B15B-4FC2-9DDF-915381E6D114", versionEndIncluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:inea:me-rtu:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7F8299-4A9C-4B93-A35A-68C6D43855CC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with firmware updates. In other words, these devices use private-key values in /etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_ecdsa_key, and /etc/ssh/ssh_host_dsa_key files that are publicly available from the vendor web sites.", }, { lang: "es", value: "Se detectó un problema en los dispositivos Mitsubishi Electric ME-RTU versiones hasta la versión 2.02 y los dispositivos INEA ME-RTU versiones hasta la versión 3.0. Las claves SSH embebidas permiten a un atacante conseguir acceso no autorizado o divulgar datos cifrados en la RTU debido a que las claves no son regeneradas en la instalación inicial o con las actualizaciones de firmware. En otras palabras, estos dispositivos usan valores de clave privada en los archivos /etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_ecdsa_key, y /etc/ssh/ssh_host_dsa_key, que están disponibles públicamente en los sitios web del proveedor.", }, ], id: "CVE-2019-14926", lastModified: "2024-11-21T04:27:41.853", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-28T13:15:10.697", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.mogozobo.com/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.mogozobo.com/?p=3593", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.mogozobo.com/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.mogozobo.com/?p=3593", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-798", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-28 13:15
Modified
2024-11-21 04:27
Severity ?
Summary
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management on the RTU. An unauthenticated user can obtain the exposed password credentials to gain access to the following services: DDNS service, Mobile Network Provider, and OpenVPN service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.mogozobo.com/ | Third Party Advisory | |
| cve@mitre.org | https://www.mogozobo.com/?p=3593 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mogozobo.com/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mogozobo.com/?p=3593 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | smartrtu_firmware | * | |
| mitsubishielectric | smartrtu | - | |
| inea | me-rtu_firmware | * | |
| inea | me-rtu | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:mitsubishielectric:smartrtu_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "62D6CAA7-11E1-4DF2-A9BD-EC71AE7CD166", versionEndIncluding: "2.02", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mitsubishielectric:smartrtu:-:*:*:*:*:*:*:*", matchCriteriaId: "1EF90DA0-55C7-4765-9DEE-80145752961D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:inea:me-rtu_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DDC6C049-B15B-4FC2-9DDF-915381E6D114", versionEndIncluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:inea:me-rtu:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7F8299-4A9C-4B93-A35A-68C6D43855CC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management on the RTU. An unauthenticated user can obtain the exposed password credentials to gain access to the following services: DDNS service, Mobile Network Provider, and OpenVPN service.", }, { lang: "es", value: "Se descubrió un problema en los dispositivos Mitsubishi Electric ME-RTU versiones hasta 2.02 y los dispositivos INEA ME-RTU versiones hasta 3.0. Las contraseñas de texto sin cifrar almacenadas podrían permitir a un atacante no autenticado obtener combinaciones de nombre de usuario y contraseña configuradas en la RTU debido a una gestión de credenciales débiles en la RTU. Un usuario no autenticado puede obtener las credenciales de contraseña expuestas para conseguir acceso a los siguientes servicios: servicio DDNS, Mobile Network Provider y servicio OpenVPN.", }, ], id: "CVE-2019-14929", lastModified: "2024-11-21T04:27:42.290", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-28T13:15:10.897", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.mogozobo.com/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.mogozobo.com/?p=3593", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.mogozobo.com/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.mogozobo.com/?p=3593", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-522", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-28 13:15
Modified
2024-11-21 04:27
Severity ?
Summary
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's system shell. Functionality in mobile.php provides users with the ability to ping sites or IP addresses via Mobile Connection Test. When the Mobile Connection Test is submitted, action.php is called to execute the test. An attacker can use a shell command separator (;) in the host variable to execute operating system commands upon submitting the test data.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.mogozobo.com/ | Third Party Advisory | |
| cve@mitre.org | https://www.mogozobo.com/?p=3593 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mogozobo.com/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mogozobo.com/?p=3593 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mitsubishielectric | smartrtu_firmware | * | |
| mitsubishielectric | smartrtu | - | |
| inea | me-rtu_firmware | * | |
| inea | me-rtu | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:mitsubishielectric:smartrtu_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "62D6CAA7-11E1-4DF2-A9BD-EC71AE7CD166", versionEndIncluding: "2.02", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:mitsubishielectric:smartrtu:-:*:*:*:*:*:*:*", matchCriteriaId: "1EF90DA0-55C7-4765-9DEE-80145752961D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:inea:me-rtu_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DDC6C049-B15B-4FC2-9DDF-915381E6D114", versionEndIncluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:inea:me-rtu:-:*:*:*:*:*:*:*", matchCriteriaId: "FD7F8299-4A9C-4B93-A35A-68C6D43855CC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's system shell. Functionality in mobile.php provides users with the ability to ping sites or IP addresses via Mobile Connection Test. When the Mobile Connection Test is submitted, action.php is called to execute the test. An attacker can use a shell command separator (;) in the host variable to execute operating system commands upon submitting the test data.", }, { lang: "es", value: "Se descubrió un problema en los dispositivos Mitsubishi Electric ME-RTU versiones hasta las versión 2.02 y los dispositivos INEA ME-RTU versiones hasta la versión 3.0. Una vulnerabilidad de inyección de comandos de Sistema Operativo remota no autenticada permite a un atacante ejecutar comandos arbitrarios en la RTU debido al paso de datos no seguros suministrados por el usuario hacia el shell del sistema de la RTU. Una funcionalidad en el archivo mobile.php provee a usuarios la capacidad de hacer ping a sitios o direcciones IP por medio de Mobile Connection Test. Cuando la Mobile Connection Test es enviada, se llama al archivo action.php para ejecutar la prueba. Un atacante puede utilizar un separador de comandos de shell (;) en la variable del host para ejecutar comandos del sistema operativo sobre el envío de los datos de prueba.", }, ], id: "CVE-2019-14931", lastModified: "2024-11-21T04:27:42.573", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-28T13:15:11.053", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.mogozobo.com/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.mogozobo.com/?p=3593", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.mogozobo.com/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.mogozobo.com/?p=3593", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }