admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 09:41:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-149xx/CVE-2019-14927.json

157 lines
4.6 KiB
JSON
Raw Normal View History

bootstrap
2023-04-24 12:24:31 +02:00
{
"id": "CVE-2019-14927",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-10-28T13:15:10.773",
"lastModified": "2021-07-21T11:39:23.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file (which contains data such as usernames, passwords, and other sensitive RTU data)."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos Mitsubishi Electric ME-RTU versiones hasta la versi\u00f3n 2.02 y los dispositivos INEA ME-RTU versiones hasta la versi\u00f3n 3.0. Una vulnerabilidad de descarga de configuraci\u00f3n remota no autenticada permite a un atacante descargar el archivo de configuraci\u00f3n de smartRTU (que contiene datos como nombres de usuario, contrase\u00f1as y otros datos confidenciales de RTU)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
},
{
"lang": "en",
"value": "CWE-425"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:mitsubishielectric:smartrtu_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.02",
"matchCriteriaId": "62D6CAA7-11E1-4DF2-A9BD-EC71AE7CD166"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mitsubishielectric:smartrtu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF90DA0-55C7-4765-9DEE-80145752961D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:inea:me-rtu_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.0",
"matchCriteriaId": "DDC6C049-B15B-4FC2-9DDF-915381E6D114"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:inea:me-rtu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD7F8299-4A9C-4B93-A35A-68C6D43855CC"
}
]
}
]
}
],
"references": [
{
"url": "https://www.mogozobo.com/",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.mogozobo.com/?p=3593",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
Reference in New Issue Copy Permalink