91 matches found
The vulnerability of the microprogrammed remote terminal block INEA ME RTU lies in the lack of measures taken to neutralize special elements used in the operating system’s commands. This allows a perpetrator to execute arbitrary operating system commands.
The vulnerability of the microprogrammed remote terminal block INEA ME RTU exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system commands...
INEA ME RTU
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION : Exploitable remotely/low attack complexity Vendor : INEA Equipment : ME RTU Vulnerabilities : OS Command Injection, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code execution...
INEA ME RTU Improper Neutralization of Special Elements Used in an OS Command (CVE-2023-2131)
Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...
CVE-2023-2131
Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code...
CVE-2023-2131
Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code...
Command injection
Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code...
CVE-2023-2131 CVE-2023-2131
Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code...
CVE-2023-2131
CVE-2023-2131 affects INEA ME RTU firmware prior to 3.36. The vulnerability is an OS command injection in the ME RTU remote terminal unit, enabling remote code execution if exploited. Remediation per sources is to update to firmware version 3.36 or later; CISA/ICS advisories describe remote explo...
CVE-2023-2131 CVE-2023-2131
Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code...
INEA ME RTU
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: INEA Equipment: ME RTU Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED...
PT-2023-2483 · Inea · Inea Me Rtu
Name of the Vulnerable Software and Affected Versions: INEA ME RTU versions prior to 3.36 Description: The issue exists due to the lack of measures to neutralize special elements used in the operating system command. This could allow a remote attacker to execute arbitrary code. The estimated numb...
Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU Improper Neutralization of Special Elements Used in an OS Command (CVE-2019-14931)
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's...
Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU Improper Access Control (CVE-2019-14927)
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file which contains data such as usernames, passwords, and oth...
Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU Use of Hard-Coded Credentials (CVE-2019-14930)
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. Also, the accounts ineaadmin and mitsadm...
Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU Improper Neutralization of Input During Web Page Generation (CVE-2019-14928)
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script XSS vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is...
Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU Plaintext Storage of a Password (CVE-2019-14929)
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management on the RTU. ...
Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU Use of Hard-Coded Credentials (CVE-2019-14926)
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard- coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with firmware...
Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU Incorrect Default Permissions (CVE-2019-14925)
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world- readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and oth...
Mitsubishi Electric / INEA SmartRTU Cross Site Scripting
Exploit Title: Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting XSS Date: 2021-17-10 Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16061 Po...
Mitsubishi Electric / INEA SmartRTU Source Code Disclosure
Exploit Title: Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure Date: 2021-17-10 Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16060 PoC Request GE...