INEA reports critical vulnerability in ME RTU device
Take action: If you are using INEA ME RTU, make sure it's in an isolated network, not accessible from the internet. Then start updating firmware in a systematic process.
INEA, a company focusing on industrial informatics, automation and automated process controls based in Slovenia reports a critical vulnerability in their ME RTU.
The firmware versions up to 3.36b of INEA ME RTU are susceptible to an OS command injection vulnerability, potentially leading to unauthorized remote code execution. The vulnerable firmware does not have proper authentication protocols for the "root" account on the device's host system. This flaw might allow attackers to gain administrative privileges on the system.
This issue is being tracked as CVE-2023-35762 (CVSS v3 score 9.9), and has potential for remote exploitation with minimal complexity.
Key impacting sectors are Energy, Water/Wastewater Treatment, Transportation
INEA suggests that users should promptly update the ME RTU firmware to version 3.37.
|Industrial routers Yifan vulnerable to 10 zero-day flaws
|Rockwell Automation Patches Over a Dozen Vulnerabilities in …
|CISA advises update of Ethercat Zeek Plugin due …
|Honeywell releases patch for critical vulneabilities of Experion …
|Mitsubishi Electric reports vulnerabilities in Factory Automation