Security News > 2023 > May > CISA Issues Advisory on Critical RCE Affecting ME RTU Remote Terminal Units
The U.S. Cybersecurity and Infrastructure Security Agency on Tuesday released an Industrial Control Systems advisory about a critical flaw affecting ME RTU remote terminal units.
The security vulnerability, tracked as CVE-2023-2131, has received the highest severity rating of 10.0 on the CVSS scoring system for its low attack complexity.
"Successful exploitation of this vulnerability could allow remote code execution," CISA said, describing it as a case of command injection affecting versions of INEA ME RTU firmware prior to version 3.36.
Security researcher Floris Hendriks of Radboud University has been credited with reporting the issue to CISA. Also published by CISA is an alert related to multiple known security holes in Intel(R) processors impacting Factory Automation products from Mitsubishi Electric that could result in privilege escalation and a denial-of-service condition.
The development comes as the agency recommended critical infrastructure organizations to take necessary steps to secure the supply chains by reviewing the Federal Communications Commission's Covered List of communications equipment that are deemed a national security risk.
CISA has also urged entities to adopt guidance issued by NIST to identify, assess, and mitigate supply chain risks, and enroll for the agency's free Vulnerability Scanning service to pinpoint vulnerable and high-risk devices.
News URL
https://thehackernews.com/2023/05/cisa-issues-advisory-on-critical-rce.html
Related news
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- CISA extends funding to ensure 'no lapse in critical CVE services' (source)
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence (source)
- Critical Langflow RCE flaw exploited to hack AI app servers (source)
- SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version (source)
- CISA warns of hackers targeting critical oil infrastructure (source)
- Unpatched critical bugs in Versa Concerto lead to auth bypass, RCE (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-20 | CVE-2023-2131 | OS Command Injection vulnerability in Inea ME RTU Firmware Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code. | 9.8 |