A critical vulnerability found in a remote terminal unit (RTU) made by Slovenia-based industrial automation company Inea can expose industrial organizations to remote hacker attacks.
The existence of the vulnerability came to light last week, when the US Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to inform organizations. The vendor has released a firmware update that patches the issue.
The security hole, tracked as CVE-2023–2131 with a CVSS score of 10, impacts Inea ME RTUs running firmware versions prior to 3.36. This OS command injection bug could allow remote code execution, CISA said.
Leave a reply