CVE-2023-29155

Summary

Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the "root" account on the host system of the device. This could allow an attacker to obtain admin-level access to the host system.

Affected Software

VendorProductVersion RangeStatus
INEAME RTU0 <= 3.36baffected

Weaknesses

  • CWE- 306

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References