← back
CVE-2023-29155

INEA ME RTU Missing Authentication for Critical Function

CVSS 9.8 CRITICALEPSS 0.9%
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
20 Nov 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the "root" account on the host system of the device. This could allow an attacker to obtain admin-level access to the host system.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
INEA · ME RTU