CVE-2019-14931: OS Command Injection
First published: Mon Oct 28 2019(Updated: )
An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's system shell. Functionality in mobile.php provides users with the ability to ping sites or IP addresses via Mobile Connection Test. When the Mobile Connection Test is submitted, action.php is called to execute the test. An attacker can use a shell command separator (;) in the host variable to execute operating system commands upon submitting the test data.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitsubishielectric Smartrtu Firmware | <=2.02 | |
| Mitsubishielectric Smartrtu | ||
| Inea Me-rtu Firmware | <=3.0 | |
| INEA ME-RTU | ||
| All of | ||
| Mitsubishielectric Smartrtu Firmware | <=2.02 | |
| Mitsubishielectric Smartrtu | ||
| All of | ||
| Inea Me-rtu Firmware | <=3.0 | |
| INEA ME-RTU |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-14931?
CVE-2019-14931 is an unauthenticated remote OS Command Injection vulnerability found in Mitsubishi Electric ME-RTU devices through version 2.02 and INEA ME-RTU devices through version 3.0.
How severe is CVE-2019-14931?
CVE-2019-14931 has a severity score of 9.8, which is considered critical.
Which devices are affected by CVE-2019-14931?
Mitsubishi Electric ME-RTU devices through version 2.02 and INEA ME-RTU devices through version 3.0 are affected by CVE-2019-14931.
How can an attacker exploit CVE-2019-14931?
An attacker can exploit CVE-2019-14931 by sending malicious commands to the RTU through unauthenticated remote OS Command Injection.
Are there any known fixes for CVE-2019-14931?
At the moment, there are no known fixes for CVE-2019-14931. It is recommended to follow any security advisories provided by the vendor or apply mitigations where possible.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/type
- agent/softwarecombine
- agent/severity
- agent/author
- agent/tags
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/mitsubishielectric
- canonical/mitsubishielectric smartrtu firmware
- version/mitsubishielectric smartrtu firmware/2.02
- canonical/mitsubishielectric smartrtu
- vendor/inea
- canonical/inea me-rtu firmware
- version/inea me-rtu firmware/3.0
- canonical/inea me-rtu