CVE-2019-14931
Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's system shell. Functionality in mobile.php provides users with the ability to ping sites or IP addresses via Mobile Connection Test. When the Mobile Connection Test is submitted, action.php is called to execute the test. An attacker can use a shell command separator (;) in the host variable to execute operating system commands upon submitting the test data.
Se descubrió un problema en los dispositivos Mitsubishi Electric ME-RTU versiones hasta las versión 2.02 y los dispositivos INEA ME-RTU versiones hasta la versión 3.0. Una vulnerabilidad de inyección de comandos de Sistema Operativo remota no autenticada permite a un atacante ejecutar comandos arbitrarios en la RTU debido al paso de datos no seguros suministrados por el usuario hacia el shell del sistema de la RTU. Una funcionalidad en el archivo mobile.php provee a usuarios la capacidad de hacer ping a sitios o direcciones IP por medio de Mobile Connection Test. Cuando la Mobile Connection Test es enviada, se llama al archivo action.php para ejecutar la prueba. Un atacante puede utilizar un separador de comandos de shell (;) en la variable del host para ejecutar comandos del sistema operativo sobre el envío de los datos de prueba.
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's system shell. Functionality in mobile.php provides users with the ability to ping sites or IP addresses via Mobile Connection Test. When the Mobile Connection Test is submitted, action.php is called to execute the test. An attacker can use a shell command separator (;) in the host variable to execute operating system commands upon submitting the test data.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-08-10 CVE Reserved
- 2019-08-12 First Exploit
- 2019-10-28 CVE Published
- 2024-09-10 CVE Updated
- 2024-09-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://www.mogozobo.com | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/47235 | 2019-08-12 | |
| https://www.mogozobo.com/?p=3593 | 2024-09-10 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mitsubishielectric Search vendor "Mitsubishielectric" | Smartrtu Firmware Search vendor "Mitsubishielectric" for product "Smartrtu Firmware" | <= 2.02 Search vendor "Mitsubishielectric" for product "Smartrtu Firmware" and version " <= 2.02" | - |
Affected
| in | Mitsubishielectric Search vendor "Mitsubishielectric" | Smartrtu Search vendor "Mitsubishielectric" for product "Smartrtu" | - | - |
Safe
|
| Inea Search vendor "Inea" | Me-rtu Firmware Search vendor "Inea" for product "Me-rtu Firmware" | <= 3.0 Search vendor "Inea" for product "Me-rtu Firmware" and version " <= 3.0" | - |
Affected
| in | Inea Search vendor "Inea" | Me-rtu Search vendor "Inea" for product "Me-rtu" | - | - |
Safe
|