Vulnerabilities (CVE)

Filtered by vendor Mitsubishielectric Subscribe

Filtered by product Smartrtu Firmware

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-16061	1 Mitsubishielectric	2 Smartrtu, Smartrtu Firmware	2021-10-21	4.3 MEDIUM	6.1 MEDIUM
Mitsubishi Electric SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php.
CVE-2019-14928	2 Inea, Mitsubishielectric	4 Me-rtu, Me-rtu Firmware, Smartrtu and 1 more	2019-10-30	3.5 LOW	5.4 MEDIUM
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is SerialInitialModemString in the index.php page.
CVE-2019-14925	2 Inea, Mitsubishielectric	4 Me-rtu, Me-rtu Firmware, Smartrtu and 1 more	2019-10-30	4.0 MEDIUM	6.5 MEDIUM
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment.