Vulnerability Details CVE-2019-14929
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management on the RTU. An unauthenticated user can obtain the exposed password credentials to gain access to the following services: DDNS service, Mobile Network Provider, and OpenVPN service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 83.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 5.0
References
Products affected by CVE-2019-14929
-
cpe:2.3:h:inea:me-rtu:-
-
cpe:2.3:h:mitsubishielectric:smartrtu:-
-
cpe:2.3:o:inea:me-rtu_firmware:-
-
cpe:2.3:o:inea:me-rtu_firmware:3.0
-
cpe:2.3:o:mitsubishielectric:smartrtu_firmware:-
-
cpe:2.3:o:mitsubishielectric:smartrtu_firmware:2.02