Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the "root" account on the host system of the device. This could allow an attacker to obtain admin-level access to the host system.
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-02 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2023-11-20T16:28:20.585Z
Updated: 2023-11-20T16:28:20.585Z
Reserved: 2023-06-26T18:46:05.835Z
Link: CVE-2023-29155
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-11-20T17:15:13.143
Modified: 2023-11-29T20:52:57.780
Link: CVE-2023-29155
JSON object: View
Redhat Information
No data.
CWE