Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.
smartrtu_firmware
CVE-2018-16061
Mitsubishi Electric SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php.