Lucene search

IcscertCVELIST:CVE-2023-29155

HistoryNov 20, 2023 - 4:28 p.m.

CVE-2023-29155 Improper Authentication INEA ME RTU

2023-11-2016:28:20

CWE-287

icscert

www.cve.org

inea me rtu

firmware

authentication bypass

cve-2023-29155

host system access

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the “root” account on the host system of the device. This could allow an attacker to obtain admin-level access to the host system.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ME RTU",
    "vendor": "INEA",
    "versions": [
      {
        "lessThanOrEqual": "3.36b",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-304-02

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

Related for CVELIST:CVE-2023-29155