CVE-2023-35762

Versions of INEA ME RTU firmware 3.36b and prior are vulnerable to operating system (OS) command injection, which could allow remote code execution.
References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-02 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:inea:me_rtu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:inea:me_rtu:-:*:*:*:*:*:*:*

History

29 Nov 2023, 20:52

Type Values Removed Values Added
First Time Inea me Rtu
Inea
Inea me Rtu Firmware
CPE cpe:2.3:o:inea:me_rtu_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:inea:me_rtu:-:*:*:*:*:*:*:*
References () https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-02 - () https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-02 - Third Party Advisory, US Government Resource
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-78

20 Nov 2023, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-20 17:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-35762

Mitre link : CVE-2023-35762

CVE.ORG link : CVE-2023-35762


JSON object : View

Products Affected

inea

  • me_rtu_firmware
  • me_rtu
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')