In Phoenix Contact's ENERGY AXC PU Web service, an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via the upload and download functionality of the web service. This may lead to full control of the...
CVSS: 8.8 | AI Score: 8.6 | EPSS: 0.001
Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web...
CVSS: 7.5 | AI Score: 7.3 | EPSS: 0.017
Mitsubishi Electric SmartRTU devices allow XSS via the username parameter or PATH_INFO to...
CVSS: 6.1 | AI Score: 6 | EPSS: 0.001
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's...
CVSS: 9.8 | AI Score: 10 | EPSS: 0.012
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script (XSS) vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is....
CVSS: 5.4 | AI Score: 5.3 | EPSS: 0.001
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. (Also, the accounts ineaadmin and...
CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.005
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other....
CVSS: 6.5 | AI Score: 6.3 | EPSS: 0.001
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management on the RTU....
CVSS: 9.8 | AI Score: 9.5 | EPSS: 0.006
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and...
CVSS: 7.5 | AI Score: 7.5 | EPSS: 0.021
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with firmware...
CVSS: 9.8 | AI Score: 9.5 | EPSS: 0.005