Incorrect Default Permissions

CVE-2019-14925

Medium

6.5/10

Summary

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and other sensitive RTU data due to insecure permission assignment.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-276 - Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References

Advisory Timeline

Published Oct 28, 2019

Incorrect Default Permissions

CVE-2019-14925

Summary

CWE-276 - Incorrect Default Permissions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS