CVE-2023-29155

Name of the Vulnerable Software and Affected Versions INEA ME RTU firmware versions 3.36b and prior

Description The issue is related to inadequate authentication procedures in the INEA ME RTU firmware, which could allow an attacker to gain unauthorized access to the device. Specifically, versions of the firmware do not require authentication to the "root" account on the host system, potentially enabling an attacker to obtain admin-level access. This could be exploited by a remote attacker.

Recommendations For INEA ME RTU firmware versions 3.36b and prior, consider implementing additional authentication measures to secure the "root" account on the host system until a patch is available. As a temporary workaround, restrict access to the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.