84 matches found
EUVD-2019-6027
Malware in sbrugna...
EUVD-2019-6024
Malware in sbrugna...
EUVD-2019-6026
Malware in sbrugna...
EUVD-2023-33651
Malicious code in bioql PyPI...
EUVD-2023-39761
Malicious code in bioql PyPI...
EUVD-2023-32757
Malicious code in bioql PyPI...
CVE-2023-2131
Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code...
CVE-2019-14926
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with...
CVE-2019-14930
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. Also, the accounts ineaadmin...
CVE-2019-14925
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames,...
CVE-2019-14928
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script XSS vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to...
INEA ME RTU (CVE-2023-29155)
Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the root account on the host system of the device. This could allow an attacker to obtain admin-level access to the host system. This plugin only works with Tenable.ot. Please visit...
INEA ME RTU Improper Neutralization of Special Elements Used in an OS Command (CVE-2023-35762)
Versions of INEA ME RTU firmware 3.36b and prior are vulnerable to operating system OS command injection, which could allow remote code execution. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable,...
CVE-2023-29155
Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the "root" account on the host system of the device. This could allow an attacker to obtain admin-level access to the host system...
CVE-2023-29155
Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the "root" account on the host system of the device. This could allow an attacker to obtain admin-level access to the host system...
CVE-2023-35762
Versions of INEA ME RTU firmware 3.36b and prior are vulnerable to operating system OS command injection, which could allow remote code execution...
Command injection
Versions of INEA ME RTU firmware 3.36b and prior are vulnerable to operating system OS command injection, which could allow remote code execution...
Authentication flaw
Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the "root" account on the host system of the device. This could allow an attacker to obtain admin-level access to the host system...
CVE-2023-29155 INEA ME RTU Missing Authentication for Critical Function
Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the "root" account on the host system of the device. This could allow an attacker to obtain admin-level access to the host system...
CVE-2023-29155 INEA ME RTU Missing Authentication for Critical Function
Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the "root" account on the host system of the device. This could allow an attacker to obtain admin-level access to the host system...