CVE-2023-29155

Published: Nov 20, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the "root" account on the host system of the device. This could allow an attacker to obtain admin-level access to the host system.

Affected (1)

Products: Inea: Me Rtu Firmware

Inea

1 product

Me Rtu Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Inea Me Rtu Firmware	Before 3.37

Running on/with	Platform Versions
Inea Me Rtu	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-02

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-02

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.