CVE-2025-3232

CVE-2025-3232 affects Mitsubishi Electric Europe smartRTU, where a remote unauthenticated attacker can bypass authentication via a specific API route and execute arbitrary OS commands. The Red Hat/NVD/EUVD/NVD-derived records consistently describe an access-control failure enabling command execut...

CVE-2025-3232 Mitsubishi Electric Europe smartRTU Missing Authentication for Critical Function

A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands...

CVE-2025-3232 Mitsubishi Electric Europe smartRTU Missing Authentication for Critical Function

A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands...

Mitsubishi Electric smartRTU 访问控制错误漏洞

The Mitsubishi Electric smartRTU is a smart remote terminal unit RTU from Mitsubishi Electric Japan. The Mitsubishi Electric smartRTU suffers from an access control error vulnerability that stems from a specific API route that can bypass authentication and could lead to the execution of arbitrary...

EUVD-2018-7918

Malware in sbrugna...

EUVD-2025-25588

Malicious code in bioql PyPI...

CVE-2025-3128

A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS commands to disclose, tamper with, destroy or delete information in Mitsubishi Electric smartRTU, or cause a denial-of service condition on the product...

CVE-2025-3128

A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS commands to disclose, tamper with, destroy or delete information in Mitsubishi Electric smartRTU, or cause a denial-of service condition on the product...

CVE-2025-3128

CVE-2025-3128 affects Mitsubishi Electric smartRTU. A remote unauthenticated attacker can bypass authentication via a specific API route to execute arbitrary OS commands, leading to disclosure, tampering, destruction of data, or DoS. Documents consistently state remote command-injection risk with...

CVE-2025-3128 Mitsubishi Electric Europe smartRTU OS Command Injection

A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS commands to disclose, tamper with, destroy or delete information in Mitsubishi Electric smartRTU, or cause a denial-of service condition on the product...

CVE-2025-3128 Mitsubishi Electric Europe smartRTU OS Command Injection

A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS commands to disclose, tamper with, destroy or delete information in Mitsubishi Electric smartRTU, or cause a denial-of service condition on the product...

Mitsubishi Electric smartRTU 操作系统命令注入漏洞

The Mitsubishi Electric smartRTU is an intelligent remote terminal unit RTU from Mitsubishi Electric Japan. The Mitsubishi Electric smartRTU suffers from an operating system command injection vulnerability that stems from an authentication bypass that could result in the execution of arbitrary OS...

PT-2025-34278 · Mitsubishi · Smartrtu

Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric smartRTU affected versions not specified Description: A remote, unauthenticated attacker who has bypassed authentication can execute arbitrary OS commands. This could lead to the disclosure, modification, destruction, or...

CVE-2018-16061

Mitsubishi Electric Europe B.V. SmartRTU devices allow XSS via the username parameter or PATHINFO to login.php...

CVE-2018-16060

Mitsubishi Electric Europe B.V. SmartRTU devices allow remote attackers to obtain sensitive information directory listing and source code via a direct request to the /web URI...

CISA Releases Nine Industrial Control Systems Advisories

CISA released nine Industrial Control Systems ICS advisories on April 15, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-105-01 Siemens Mendix Runtime ICSA-25-105-02 Siemens Industrial Edge Device Kit...

Mitsubishi Electric Europe B.V. smartRTU

RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote unauthenticated attacker to disclose, tamper with, destroy or delete information in the product, or cause a denial-of service condition on the product. 2. RECOMMENDED PRACTICES CISA recommends users take...

Mitsubishi Electric SmartRTU Cross-site Scripting (CVE-2018-16061)

Mitsubishi Electric SmartRTU devices allow XSS via the username parameter or PATHINFO to login.php. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

Mitsubishi Electric SmartRTU Forced Browsing (CVE-2018-16060)

Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information directory listing and source code via a direct request to the /web URI. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL...

Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting (XSS)

Exploit Title: Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting XSS Date: 2021-17-10 Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16061 Po...