OTPulse

INEA ME RTU

Act Now | CVSS 10 | ICS-CERT ICSA-23-110-01 | Apr 20, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

INEA ME RTU versions prior to 3.36 contain a command injection vulnerability (CWE-78) that allows remote code execution. An unauthenticated attacker with network access to the device can send a specially crafted message to execute arbitrary commands on the RTU, potentially disrupting remote operations and process control.

What this means
What could happen
An attacker could gain remote code execution on the ME RTU, allowing them to modify process parameters, alter setpoints, or stop critical remote terminal unit operations.
Who's at risk
Water utilities and electric utilities that rely on INEA ME RTU devices for remote monitoring and control of field sites, pump stations, or distribution equipment, and any other facility using this RTU in critical infrastructure operations.
How it could be exploited
An attacker on the network sends a specially crafted message to the ME RTU on its network interface. The RTU processes the message without proper input validation, allowing arbitrary code execution. No credentials or user interaction are required.
Prerequisites
  • Network access to the ME RTU
  • Device must be reachable from the attacker's network location
Remotely exploitable | No authentication required | Low complexity | Critical severity (CVSS 10.0)
Exploitability
Low exploit probability (EPSS 0.8%)
Affected products (1)
Product | Affected Versions | Fix Status
ME RTU | < 3.36 | 3.36
Remediation & Mitigation
Do now
HARDENING: Isolate the RTU network behind a firewall; ensure the device is not directly accessible from the Internet or business network
HARDENING: Minimize network exposure by restricting which systems can communicate with the RTU; only allow connections from authorized engineering workstations and SCADA servers
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update ME RTU firmware to version 3.36 or later
Long-term hardening
HARDENING: If remote access is required, use a VPN with current security patches and restrict access to specific authorized users
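
To track the exposure and firmware items above across a fleet, the following added example (not part of the advisory or any vendor tooling) checks an asset inventory against the 3.36 fix version and lists observed peers outside the authorized networks. The inventory layout, flow records, addresses and the dotted-integer version format are assumptions constructed for illustration.

```python
import ipaddress

FIXED_VERSION = (3, 36)  # advisory: ME RTU versions prior to 3.36 are affected

def parse_version(text):
    # Assumption: firmware versions are dotted integers such as "3.35".
    return tuple(int(part) for part in text.strip().lstrip("vV").split("."))

def is_affected(version_text):
    return parse_version(version_text) < FIXED_VERSION

def audit(inventory, flows, allowed_sources):
    """Per RTU: does it still need the firmware update, and which observed
    peers fall outside the authorized workstation/SCADA networks?"""
    allowed = [ipaddress.ip_network(net) for net in allowed_sources]
    findings = {}
    for rtu_ip, firmware in inventory.items():
        peers = {
            src for src, dst in flows
            if dst == rtu_ip
            and not any(ipaddress.ip_address(src) in net for net in allowed)
        }
        findings[rtu_ip] = {
            "needs_update": is_affected(firmware),
            "unauthorized_peers": sorted(peers),
        }
    return findings

# Constructed sample data (not from the advisory).
SAMPLE_INVENTORY = {"10.20.0.11": "3.35", "10.20.0.12": "3.36"}
SAMPLE_ALLOWED = ["10.20.1.0/28"]  # engineering workstations and SCADA servers
SAMPLE_FLOWS = [  # (source, destination) pairs from a flow export
    ("10.20.1.5", "10.20.0.11"),
    ("192.168.50.23", "10.20.0.11"),
    ("10.20.1.5", "10.20.0.12"),
    ("203.0.113.9", "10.20.0.12"),
]

if __name__ == "__main__":
    for rtu, result in audit(SAMPLE_INVENTORY, SAMPLE_FLOWS, SAMPLE_ALLOWED).items():
        print(rtu, result)
```

A patched RTU that still shows unauthorized peers remains a segmentation finding; the firmware and network items are tracked independently.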