Sign-up

ID

VAR-201910-0805


CVE

CVE-2019-14927


TITLE

Mitsubishi Electric ME-RTU  Device and  INEA ME-RTU  Information leakage vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-011339

DESCRIPTION

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data). Mitsubishi Electric ME-RTU Device and INEA ME-RTU The device contains a vulnerability related to information leakage.Information may be obtained. Inea ME-RTU is an intelligent communication gateway product of Inea Company in Slovenia. There are security vulnerabilities in Mitsubishi Electric smartRTU 2.02 and earlier versions and INEA ME-RTU 3.0 and earlier versions

Trust: 2.25

sources: NVD: CVE-2019-14927 // JVNDB: JVNDB-2019-011339 // CNVD: CNVD-2020-43689 // VULMON: CVE-2019-14927

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-43689

AFFECTED PRODUCTS

vendor:mitsubishielectricmodel:smartrtuscope:lteversion:2.02

Trust: 1.0

vendor:ineamodel:me-rtuscope:lteversion:3.0

Trust: 1.0

vendor:inea d o omodel:me-rtuscope: - version: -

Trust: 0.8

vendor:三菱電機model:smartrtuscope: - version: -

Trust: 0.8

vendor:mitsubishimodel:electric inea me-rtuscope:lteversion:<=3.0

Trust: 0.6

vendor:mitsubishimodel:electric smartrtuscope:lteversion:<=2.02

Trust: 0.6

sources: CNVD: CNVD-2020-43689 // JVNDB: JVNDB-2019-011339 // NVD: CVE-2019-14927

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-14927
value: HIGH

Trust: 1.0

NVD: CVE-2019-14927
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-43689
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201910-1532
value: HIGH

Trust: 0.6

VULMON: CVE-2019-14927
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-14927
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-43689
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-14927
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-14927
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-43689 // VULMON: CVE-2019-14927 // JVNDB: JVNDB-2019-011339 // CNNVD: CNNVD-201910-1532 // NVD: CVE-2019-14927

PROBLEMTYPE DATA

problemtype:CWE-425

Trust: 1.0

problemtype:CWE-306

Trust: 1.0

problemtype:information leak (CWE-200) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2019-011339 // NVD: CVE-2019-14927

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-1532

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201910-1532

EXPLOIT AVAILABILITY

sources:
            
            
            VULMON: CVE-2019-14927

PATCH
title:ME RTU Mitsubishi Electric MITSUBISHI ELECTRIC AUTOMATIONurl:http://www.inea.si/en/telemetrija-in-m2m-produkti/mertu-en/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-011339

EXTERNAL IDS
db:NVDid:CVE-2019-14927
Trust: 3.1
db:ICS CERTid:ICSA-21-252-03
Trust: 1.4
db:JVNid:JVNVU93054759
Trust: 0.8
db:JVNDBid:JVNDB-2019-011339
Trust: 0.8
db:CNVDid:CNVD-2020-43689
Trust: 0.6
db:AUSCERTid:ESB-2021.3043
Trust: 0.6
db:CNNVDid:CNNVD-201910-1532
Trust: 0.6
db:EXPLOIT-DBid:47234
Trust: 0.1
db:VULMONid:CVE-2019-14927
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-43689 // 
            
            
            
            VULMON: CVE-2019-14927 // 
            
            
            
            JVNDB: JVNDB-2019-011339 // 
            
            
            
            CNNVD: CNNVD-201910-1532 // 
            
            
            
            NVD: CVE-2019-14927

REFERENCES
url:https://www.mogozobo.com/?p=3593
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-14927
Trust: 2.0
url:https://www.mogozobo.com/
Trust: 1.7
url:https://us-cert.cisa.gov/ics/advisories/icsa-21-252-03
Trust: 1.4
url:https://jvn.jp/vu/jvnvu93054759/
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2021.3043
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/306.html
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/425.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.exploit-db.com/exploits/47234
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2020-43689 // 
            
            
            
            VULMON: CVE-2019-14927 // 
            
            
            
            JVNDB: JVNDB-2019-011339 // 
            
            
            
            CNNVD: CNNVD-201910-1532 // 
            
            
            
            NVD: CVE-2019-14927

CREDITS
Mark Cross (@xerubus) reported these vulnerabilities to CISA.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201910-1532

SOURCES
db:CNVDid:CNVD-2020-43689
db:VULMONid:CVE-2019-14927
db:JVNDBid:JVNDB-2019-011339
db:CNNVDid:CNNVD-201910-1532
db:NVDid:CVE-2019-14927

LAST UPDATE DATE
2024-11-23T21:36:35.139000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-43689date:2020-08-01T00:00:00
db:VULMONid:CVE-2019-14927date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2019-011339date:2021-09-14T05:49:00
db:CNNVDid:CNNVD-201910-1532date:2021-09-10T00:00:00
db:NVDid:CVE-2019-14927date:2024-11-21T04:27:41.993

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-43689date:2020-08-01T00:00:00
db:VULMONid:CVE-2019-14927date:2019-10-28T00:00:00
db:JVNDBid:JVNDB-2019-011339date:2019-11-05T00:00:00
db:CNNVDid:CNNVD-201910-1532date:2019-10-28T00:00:00
db:NVDid:CVE-2019-14927date:2019-10-28T13:15:10.773