The US Cybersecurity and Infrastructure Security Agency (CISA) issued an Industrial Control Systems (ICS) advisory on Tuesday about a critical flaw affecting ME RTU remote terminal units.
The security vulnerability, tracked as CVE-2023-2131, has received the highest severity rating of 10.0 in the CVSS scoring system for its low attack complexity.
“Successful exploitation of this vulnerability could allow remote code execution,” CISA said, describing it as a case of command injection affecting INEA ME RTU firmware versions prior to version 3.36 .
Security researcher Floris Hendriks of Radboud University has been credited with reporting the issue to CISA.
CISA has also issued an alert related to several known security holes in Intel(R) processors affecting Mitsubishi Electric’s factory automation (FA) products that can lead to privilege escalation and a denial of service condition ( DoS).
The development comes as the agency recommended that critical infrastructure organizations take the necessary steps to secure supply chains by reviewing the Federal Communications Commission’s (FCC) covered list of communications equipment that is considered a risk to national security.
Learn how to stop ransomware with real-time protection
Join our webinar and learn how to stop ransomware attacks with real-time MFA and service account protection.
Save my seat!
CISA has also urged entities to adopt guidelines issued by NIST for identifying, assessing and mitigating supply chain risks, and to sign up for the agency’s free vulnerability scanning service to identify vulnerable devices and high risk
It also follows efforts by cybersecurity authorities in Australia, Canada, the United Kingdom, Germany, the Netherlands, New Zealand and the United States to “take the urgent steps necessary to ship products that are secure by design and by default.”
Ikaroa and its security professionals are warning of a critical remote code execution (RCE) vulnerability in ME RTU (remote terminal units) developed by Moxa. This security alert was initially issued by the US Cybersecurity and Infrastructure Security Agency (CISA).
ME RTU is designed to connect, monitor and control automation processes, located in a remote location. RCE occurs when an attacker is able to send malicious code to the device and take full control of it. This vulnerability can be used to carry out malicious activities including stealing data, creating backdoors and launching denial of service (DoS) attacks.
Ikaroa, a full stack digital security company, is committed to helping organizations protect their mission critical digital infrastructure. The recent CISA Advisory underscores a critical component of Ikaroa’s security services, which is staying up to date on emerging threats and vulnerabilities.
At this time, there is no known patch to resolve this vulnerability. Therefore, Ikaroa is providing a list of steps to secure the devices, including changing the password on the devices, enabling authentication for web-based access and using built-in firewall rules.
Ikaroa encourages all organizations with Moxa’s ME RTU devices to take immediate mitigating steps to ensure the alert is appropriately handled and to ensure the data and accessibility of any device connected to the network is secure.
By staying informed and taking proactive security measures, Ikaroa can help mitigate the risk of this RCE vulnerability and secure the organization’s digital infrastructure.
