Lucene search

[email protected]CVE-2023-29155

HistoryNov 20, 2023 - 5:15 p.m.

CVE-2023-29155

2023-11-2017:15:13

CWE-287

[email protected]

web.nvd.nist.gov

inea

rtu

firmware

authentication

root

account

admin-level

access

security

vulnerability

cve-2023-29155

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.2%

JSON

Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the “root” account on the host system of the device. This could allow an attacker to obtain admin-level access to the host system.

Affected configurations

NVD

Node

ineame_rtuMatch-

AND

ineame_rtu_firmwareRange<3.37

CPENameOperatorVersion
inea:me_rtu_firmwareinea me rtu firmwarelt3.37

CPE	Name	Operator	Version
inea:me_rtu_firmware	inea me rtu firmware	lt	3.37

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ME RTU",
    "vendor": "INEA",
    "versions": [
      {
        "lessThanOrEqual": "3.36b",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]