CVE-2023-2131
published 2023-04-20CVE-2023-2131: Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code.
PriorityP269critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.73%
74.7th percentile
Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| inea | me_rtu | < 3.36 | 3.36 |
| inea | me_rtu_firmware | < 3.36 | 3.36 |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability class is OS Command Injection (CWE-78) in INEA ME RTU firmware; detection should focus on anomalous command execution originating from the RTU web/network interface ↗
- →The vulnerability is network-exploitable with no authentication and no user interaction required (CVSS AV:N/AC:L/PR:N/UI:N), so monitor for unauthenticated remote connections to INEA ME RTU devices ↗
- →Prioritize detection for INEA ME RTU devices running firmware versions prior to 3.36 exposed on OT/ICS networks, particularly in Energy, Water/Wastewater, and Transportation sectors ↗
- ·No known public exploits exist for this vulnerability at time of advisory publication, limiting signature-based detection options ↗
- ·Affected version scope is all INEA ME RTU firmware prior to 3.36; version fingerprinting of deployed RTUs is necessary to assess exposure ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
INEA ME RTU
cisa_ics·2023-04-20·CVSS 10.0
[CRITICAL] INEA ME RTU
ICS Advisory
##
INEA ME RTU
Release DateApril 20, 2023
Alert CodeICSA-23-110-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 10.0
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: INEA
- Equipment: ME RTU
- Vulnerability: OS Command Injection
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of ME RTU, a remote terminal unit, are affected:
- ME RTU: versions prior to 3.36
## 3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78
Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to operating system (OS) command injection, which could all
GHSA
GHSA-78gc-x3r7-4g3p: Versions of INEA ME RTU firmware prior to 3
ghsa_unreviewed·2023-04-20
CVE-2023-2131 [CRITICAL] CWE-78 GHSA-78gc-x3r7-4g3p: Versions of INEA ME RTU firmware prior to 3
Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-04-20
Published