Lucene search
K

91 matches found

BDU FSTEC
BDU FSTEC
added 2023/11/09 12:0 a.m.7 views

The vulnerability of the microprogrammed remote terminal block INEA ME RTU lies in the lack of measures taken to neutralize special elements used in the operating system’s commands. This allows a perpetrator to execute arbitrary operating system commands.

The vulnerability of the microprogrammed remote terminal block INEA ME RTU exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system commands...

9.9CVSS8.1AI score0.01698EPSS
Exploits0References4Affected Software1
ICS
ICS
added 2023/10/31 6:0 a.m.45 views

INEA ME RTU

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION : Exploitable remotely/low attack complexity Vendor : INEA Equipment : ME RTU Vulnerabilities : OS Command Injection, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code execution...

9.9CVSS10AI score0.01698EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2023/06/01 12:0 a.m.31 views

INEA ME RTU Improper Neutralization of Special Elements Used in an OS Command (CVE-2023-2131)

Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...

10CVSS8.8AI score0.01726EPSS
Exploits0References2
NVD
NVD
added 2023/04/20 9:15 p.m.25 views

CVE-2023-2131

Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code...

10CVSS9.8AI score0.01726EPSS
Exploits0References1
OSV
OSV
added 2023/04/20 9:15 p.m.4 views

CVE-2023-2131

Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code...

9.8CVSS7.7AI score0.01726EPSS
Exploits0References1
Prion
Prion
added 2023/04/20 9:15 p.m.18 views

Command injection

Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code...

7.5CVSS9.7AI score0.01726EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/04/20 8:40 p.m.31 views

CVE-2023-2131 CVE-2023-2131

Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code...

10CVSS9.9AI score0.01726EPSS
Exploits0References1
CVE
CVE
added 2023/04/20 8:40 p.m.144 views

CVE-2023-2131

CVE-2023-2131 affects INEA ME RTU firmware prior to 3.36. The vulnerability is an OS command injection in the ME RTU remote terminal unit, enabling remote code execution if exploited. Remediation per sources is to update to firmware version 3.36 or later; CISA/ICS advisories describe remote explo...

10CVSS9.8AI score0.01726EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/20 8:40 p.m.10 views

CVE-2023-2131 CVE-2023-2131

Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code...

10CVSS7.6AI score0.01726EPSS
Exploits0References1
ICS
ICS
added 2023/04/20 3:30 p.m.30 views

INEA ME RTU

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: INEA Equipment: ME RTU Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED...

10CVSS10AI score0.01726EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/04/20 12:0 a.m.5 views

PT-2023-2483 · Inea · Inea Me Rtu

Name of the Vulnerable Software and Affected Versions: INEA ME RTU versions prior to 3.36 Description: The issue exists due to the lack of measures to neutralize special elements used in the operating system command. This could allow a remote attacker to execute arbitrary code. The estimated numb...

10CVSS9.6AI score0.01726EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.26 views

Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU Improper Neutralization of Special Elements Used in an OS Command (CVE-2019-14931)

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote OS Command Injection vulnerability allows an attacker to execute arbitrary commands on the RTU due to the passing of unsafe user supplied data to the RTU's...

10CVSS8.9AI score0.5766EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.27 views

Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU Improper Access Control (CVE-2019-14927)

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. An unauthenticated remote configuration download vulnerability allows an attacker to download the smartRTU's configuration file which contains data such as usernames, passwords, and oth...

7.5CVSS7.4AI score0.41847EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.13 views

Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU Use of Hard-Coded Credentials (CVE-2019-14930)

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Undocumented hard-coded user passwords for root, ineaadmin, mitsadmin, and maint could allow an attacker to gain unauthorised access to the RTU. Also, the accounts ineaadmin and mitsadm...

10CVSS8.4AI score0.02343EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.22 views

Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU Improper Neutralization of Input During Web Page Generation (CVE-2019-14928)

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A number of stored cross-site script XSS vulnerabilities allow an attacker to inject malicious code directly into the application. An example input variable vulnerable to stored XSS is...

5.4CVSS5.7AI score0.44149EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.22 views

Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU Plaintext Storage of a Password (CVE-2019-14929)

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Stored cleartext passwords could allow an unauthenticated attacker to obtain configured username and password combinations on the RTU due to the weak credentials management on the RTU. ...

9.8CVSS8.3AI score0.01936EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.27 views

Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU Use of Hard-Coded Credentials (CVE-2019-14926)

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. Hard- coded SSH keys allow an attacker to gain unauthorised access or disclose encrypted data on the RTU due to the keys not being regenerated on initial installation or with firmware...

9.8CVSS8.3AI score0.02085EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.23 views

Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU Incorrect Default Permissions (CVE-2019-14925)

An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world- readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames, passwords, and oth...

6.5CVSS6.5AI score0.0126EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2021/10/18 12:0 a.m.349 views

Mitsubishi Electric / INEA SmartRTU Cross Site Scripting

Exploit Title: Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting XSS Date: 2021-17-10 Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16061 Po...

0.4AI score0.04032EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/10/18 12:0 a.m.312 views

Mitsubishi Electric / INEA SmartRTU Source Code Disclosure

Exploit Title: Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure Date: 2021-17-10 Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16060 PoC Request GE...

0.5AI score0.19612EPSS
Exploits4
Rows per page
Query Builder