CISA Issues Advisory on Critical RCE Affecting ME RTU Remote Terminal Units
The US Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an Industrial Control System (ICS) advisory on a critical flaw affecting the ME RTU remote terminal unit.
The security vulnerability, tracked as CVE-2023-2131, has received the highest severity rating of 10.0 on the CVSS rating system due to its low attack complexity.
“Successful exploitation of this vulnerability could enable remote code execution,” CISA said, describing it as a case of command injection affecting INEA ME RTU firmware versions prior to version 3.36.
Security researcher Floris Hendriks of Radboud University has been credited with reporting the matter to CISA.
Also published by CISA is a warning relating to several known security flaws in Intel(R) processors impacting Mitsubishi Electric’s Factory Automation (FA) products that may result in privilege escalation and denial-of-service (DoS) conditions.
The development comes as the agency recommended that critical infrastructure organizations take the necessary steps to secure supply chains by reviewing the Federal Communications Commission (FCC) Covered List of communications equipment deemed a national security risk.
CISA has also urged entities to adopt guidance issued by NIST for identifying, assessing, and mitigating supply chain risks, and to register for the agency’s free Vulnerability Scanning service to identify vulnerable and high-risk devices.
It further follows an effort by cybersecurity authorities in Australia, Canada, the UK, Germany, the Netherlands, New Zealand and the US to “take the urgent steps necessary to deliver products designed by default and securely”.