CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-29155 – Improper Authentication INEA ME RTU
https://notcve.org/view.php?id=CVE-2023-29155
Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the "root" account on the host system of the device. This could allow an attacker to obtain admin-level access to the host system. Las versiones del firmware INEA ME RTU 3.36b y anteriores no requieren autenticación en la cuenta "raíz" en el sistema host del dispositivo. Esto podría permitir a un atacante obtener acceso de nivel de administrador al sistema host. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-02 • CWE-287: Improper Authentication •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 0CVE-2023-35762 – OS Command Injection in INEA ME RTU
https://notcve.org/view.php?id=CVE-2023-35762
Versions of INEA ME RTU firmware 3.36b and prior are vulnerable to operating system (OS) command injection, which could allow remote code execution. Las versiones del firmware INEA ME RTU 3.36b y anteriores son vulnerables a la inyección de comandos del sistema operativo (SO), lo que podría permitir la ejecución remota de código. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-02 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-2131 – CVE-2023-2131
https://notcve.org/view.php?id=CVE-2023-2131
Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-110-01 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •