CVE-2023-29155
INEA ME RTU Missing Authentication for Critical Function
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
20 Nov 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the "root" account on the host system of the device. This could allow an attacker to obtain admin-level access to the host system.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
INEA · ME RTU