The US Cybersecurity and Infrastructure Security Agency (CISA) released an Industrial Control Systems (ICS) advisory on Tuesday regarding a critical flaw affecting ME RTU remote terminal units.
The security vulnerability tracked as CVE-2023-2131 received the highest severity rating of 10.0 in the CVSS scoring system due to the low complexity of the attack.
“Successfully exploiting this vulnerability could lead to remote code execution,” CISA said, describing it as a command injection case affecting INEA ME RTU firmware versions prior to version 3.36. .
The issue was reported to CISA by Floris Hendriks, a security researcher at Radboud University.
CISA has also issued alerts related to several known security holes in Intel(R) processors. This affects Mitsubishi Electric’s Factory Automation (FA) products and may lead to privilege escalation or denial of service (DoS) conditions.
This development encourages critical infrastructure organizations to take necessary steps to protect their supply chains by reviewing the Federal Communications Commission’s (FCC) Covered List of Communications Equipment Deemed a National Security Risk. was recommended by a government agency.
Learn how to stop ransomware with real-time protection
Join our webinar to learn how real-time MFA and service account protection can stop ransomware attacks.
Save my seat!
CISA has also adopted guidance published by NIST to identify, assess, and mitigate supply chain risks and has enrolled in the agency’s free vulnerability scanning service to identify vulnerable and high-risk devices. requested the entity to do so.
Additionally, it follows efforts by cybersecurity authorities in Australia, Canada, the United Kingdom, Germany, the Netherlands, New Zealand, and the United States to “take the urgent steps necessary to ship default products with secure designs.”
