A critical flaw in Inea ICS product exposes industrial organizations to remote attacks
A critical vulnerability discovered in a Remote Terminal Unit (RTU) manufactured by Slovenian industrial automation company Inea could expose industrial organizations to hacker attacks from a distance.
Last week, the US Cybersecurity and Infrastructure Security Agency published an advisory informing organizations of the vulnerability. The vendor released a firmware patch that fixes the vulnerability.
This security flaw, identified as CVE-2022-2131 with a CVSS of 10, affects Inea ME RTUs that run firmware versions older than 3.36. CISA stated that this OS command injection vulnerability could lead to remote code execution.
Source:
https://www.securityweek.com/critical-flaw-in-inea-ics-product-exposes-industrial-organizations-to-remote-attacks/