Sign-up

ID

VAR-202110-1007


CVE

CVE-2018-16060


TITLE

Mitsubishi Electric SmartRTU Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202110-1210

DESCRIPTION

Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI

Trust: 0.99

sources: NVD: CVE-2018-16060 // VULMON: CVE-2018-16060

AFFECTED PRODUCTS

vendor:mitsubishielectricmodel:smartrtuscope:eqversion: -

Trust: 1.0

sources: NVD: CVE-2018-16060

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2018-16060
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202110-1210
value: HIGH

Trust: 0.6

VULMON: CVE-2018-16060
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-16060
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2018-16060
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULMON: CVE-2018-16060 // CNNVD: CNNVD-202110-1210 // NVD: CVE-2018-16060

PROBLEMTYPE DATA

problemtype:CWE-425

Trust: 1.0

sources: NVD: CVE-2018-16060

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-1210

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-1210

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2018-16060

EXTERNAL IDS
db:PACKETSTORMid:164538
Trust: 1.7
db:NVDid:CVE-2018-16060
Trust: 1.7
db:EXPLOIT-DBid:50422
Trust: 0.6
db:CNNVDid:CNNVD-202110-1210
Trust: 0.6
db:VULMONid:CVE-2018-16060
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-16060 // 
            
            
            
            CNNVD: CNNVD-202110-1210 // 
            
            
            
            NVD: CVE-2018-16060

REFERENCES
url:http://packetstormsecurity.com/files/164538/mitsubishi-electric-inea-smartrtu-source-code-disclosure.html
Trust: 2.4
url:https://drive.google.com/open?id=1qmhwtnbbiqrtkr0nepntkssydi8vrshh
Trust: 1.7
url:https://www.exploit-db.com/exploits/50422
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/425.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-16060 // 
            
            
            
            CNNVD: CNNVD-202110-1210 // 
            
            
            
            NVD: CVE-2018-16060

SOURCES
db:VULMONid:CVE-2018-16060
db:CNNVDid:CNNVD-202110-1210
db:NVDid:CVE-2018-16060

LAST UPDATE DATE
2022-05-04T10:03:01.699000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2018-16060date:2021-10-21T00:00:00
db:CNNVDid:CNNVD-202110-1210date:2021-10-22T00:00:00
db:NVDid:CVE-2018-16060date:2021-10-21T16:00:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2018-16060date:2021-10-15T00:00:00
db:CNNVDid:CNNVD-202110-1210date:2021-10-15T00:00:00
db:NVDid:CVE-2018-16060date:2021-10-15T20:15:00