INEA reports critical vulnerability in ME RTU device

published: Oct. 31, 2023

Take action: If you are using INEA ME RTU, make sure it's in an isolated network, not accessible from the internet. Then start updating firmware in a systematic process.


INEA, a Slovenia-based company focusing on industrial informatics, automation and automated process controls, reports a critical vulnerability in its ME RTU.

INEA ME RTU firmware versions up to 3.36b are susceptible to an OS command injection vulnerability, potentially leading to unauthorized remote code execution. The vulnerable firmware does not have proper authentication protocols for the "root" account on the device's host system. This flaw might allow attackers to gain administrative privileges on the system.

This issue is being tracked as CVE-2023-35762 (CVSS v3 score 9.9), and has potential for remote exploitation with minimal complexity.

The key affected sectors are Energy, Water/Wastewater Treatment, and Transportation.

INEA suggests that users should promptly update the ME RTU firmware to version 3.37.
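An inventory check for the version guidance above, as an added example that is not INEA's code. It assumes firmware versions follow the MAJOR.MINOR[letter] pattern seen in "3.36b" and that a letter suffix sorts after the bare number; the device names and inventory fields are constructed.

```python
import re

# First fixed release named in the advisory.
FIXED = (3, 37, "")
# Assumed scheme: MAJOR.MINOR with an optional single-letter suffix ("3.36b").
VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)([a-z]?)\s*$", re.IGNORECASE)
PRIORITY = {"ISOLATE_AND_UPDATE": 0, "UPDATE": 1, "VERIFY_MANUALLY": 2, "OK": 3}

def parse_version(text):
    """Turn '3.36b' into a sortable tuple (3, 36, 'b')."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return int(m.group(1)), int(m.group(2)), m.group(3).lower()

def is_affected(version_text):
    """True for any release older than the fixed 3.37."""
    return parse_version(version_text) < FIXED

def triage(inventory):
    """Return (device, status) pairs, most urgent first."""
    results = []
    for dev in inventory:
        try:
            affected = is_affected(dev["firmware"])
        except ValueError:
            # Unparseable version: do not assume the device is safe.
            status = "VERIFY_MANUALLY"
        else:
            if not affected:
                status = "OK"
            elif dev["internet_reachable"]:
                status = "ISOLATE_AND_UPDATE"
            else:
                status = "UPDATE"
        results.append((dev["name"], status))
    return sorted(results, key=lambda r: PRIORITY[r[1]])

# Constructed sample inventory, not real devices.
SAMPLE_INVENTORY = [
    {"name": "rtu-pump-01", "firmware": "3.37", "internet_reachable": False},
    {"name": "rtu-substation-02", "firmware": "3.36b", "internet_reachable": False},
    {"name": "rtu-gate-03", "firmware": "3.35", "internet_reachable": True},
    {"name": "rtu-tank-04", "firmware": "unknown", "internet_reachable": False},
]

if __name__ == "__main__":
    for name, status in triage(SAMPLE_INVENTORY):
        print(f"{name:20} {status}")
```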
