CVE-2019-14926

Published: Oct 28, 2019

Modified: Sep 10, 2024

PUBLISHED

Description

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard-coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with firmware updates. In other words, these devices use private-key values in /etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_ecdsa_key, and /etc/ssh/ssh_host_dsa_key files that are publicly available from the vendor web sites.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.mogozobo.com/

https://www.mogozobo.com/?p=3593

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-14926

Description

Affected Products

References