Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU Plaintext Storage of a Password (CVE-2019-14929)

critical Tenable OT Security Plugin ID 500520


The remote OT asset is affected by a vulnerability.


An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management on the RTU. An unauthenticated user can obtain the exposed password credentials to gain access to the following services: DDNS service, Mobile Network Provider, and OpenVPN service.

This plugin only works with Tenable.ot. Please visit for more information.


The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at

Mitsubishi Electric Europe B.V. recommends users update to firmware Version 3.3 or later.


Plugin Details

Severity: Critical

ID: 500520

Version: 1.5

Type: remote

Family: Tenable.ot

Published: 2/7/2022

Updated: 11/13/2023

Supported Sensors: Tenable OT Security

Risk Information


Risk Factor: Medium

Score: 6.7


CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2019-14929


CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:mitsubishielectric:smartrtu_firmware

Required KB Items: Tenable.ot/Mitsubishi

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/28/2019

Vulnerability Publication Date: 10/28/2019

Reference Information

CVE: CVE-2019-14929

CWE: 522