CVE-2019-14925

2019-10-28T13:15:00
ID CVE-2019-14925
Type cve
Reporter cve@mitre.org
Modified 2019-10-30T16:35:00

Description

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment.