An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is SerialInitialModemString in the index.php page.
CPE | Name | Operator | Version |
---|---|---|---|
me-rtu_firmware | le | 3.0 | |
smartrtu_firmware | le | 2.02 |