An issue exists on Mitsubishi Electric ME-RTU devices up to and including 2.02 and INEA ME-RTU devices up to and including 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an malicious user to gain unauthorised access to the RTU. (Also, the accounts ineaadmin and mitsadmin are able to escalate privileges to root without supplying a password due to insecure entries in /etc/sudoers on the RTU.)
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mitsubishielectric smartrtu firmware |
||
inea me-rtu firmware |