Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the "root" account on the host system of the device. This could allow an attacker to obtain admin-level access to the host system.
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-02 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
History
29 Nov 2023, 20:52
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-02 - Third Party Advisory, US Government Resource | |
CPE | cpe:2.3:o:inea:me_rtu_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:inea:me_rtu:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-287 |
20 Nov 2023, 19:18
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-20 17:15
Updated : 2024-02-05 00:22
NVD link : CVE-2023-29155
Mitre link : CVE-2023-29155
CVE.ORG link : CVE-2023-29155
JSON object : View
Products Affected
inea
- me_rtu
- me_rtu_firmware
CWE
CWE-287
Improper Authentication