An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment.
CPE | Name | Operator | Version |
---|---|---|---|
me-rtu_firmware | le | 3.0 | |
smartrtu_firmware | le | 2.02 |