Login Sign Up

CVE-2023-29155

9.8 CRITICAL
Authentication Bypass

📋 TL;DR

CVE-2023-29155 allows unauthenticated attackers to gain root/admin access to INEA ME RTU devices by exploiting missing authentication requirements. This affects all organizations using INEA ME RTU firmware version 3.36b and earlier. The vulnerability enables complete system compromise of these industrial control devices.

💻 Affected Systems

Products:
  • INEA ME RTU
Versions: 3.36b and prior
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable as the authentication requirement is missing entirely.

📦 What is this software?

Me Rtu Firmware by Inea

View all CVEs affecting Me Rtu Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of industrial control systems, allowing attackers to manipulate RTU operations, disrupt critical infrastructure, exfiltrate sensitive industrial data, or use devices as footholds for lateral movement.

🟠

Likely Case

Unauthorized administrative access leading to configuration changes, data theft, service disruption, or installation of persistent backdoors on vulnerable RTUs.

🟢

If Mitigated

Limited impact if devices are isolated in segmented networks with strict access controls, though the authentication bypass remains exploitable by authorized internal users.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is a simple authentication bypass requiring no special tools or techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 3.37 or later

Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-23-304-02

Restart Required: Yes

Instructions:

1. Contact INEA for updated firmware. 2. Backup current configuration. 3. Apply firmware update via management interface. 4. Verify authentication is now required for root access.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate RTUs in dedicated network segments with strict firewall rules

Access Control Lists

all

Implement IP-based restrictions to limit which systems can communicate with RTUs

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate RTUs from untrusted networks
  • Deploy intrusion detection systems to monitor for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Attempt to access the root/admin interface without credentials. If access is granted, the system is vulnerable.

Check Version:

Check firmware version in device web interface or via SNMP

Verify Fix Applied:

After patching, attempt root access without credentials - access should be denied.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated root login attempts
  • Configuration changes from unknown sources
  • Multiple failed authentication attempts followed by successful access

Network Indicators:

  • Unusual traffic patterns to RTU management interfaces
  • Connections from unexpected IP addresses to RTU ports

SIEM Query:

source="rtu_logs" AND (event="root_login" AND auth_result="success" AND user="none")

📊 Metadata

CVE ID: CVE-2023-29155
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-287
Published: November 20, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-29155, you might also want to check these:

CVE-2024-27767 10.0

CVE-2024-27767 is an authentication bypass vulnerability that allows attackers to gain unauthorized ...

Same vulnerability type (CWE-287)
CVE-2026-24898 10.0

OpenEMR versions before 8.0.0 contain an unauthenticated token disclosure vulnerability in the MedEx...

Same vulnerability type (CWE-287)
CVE-2026-20127 10.0

This critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager al...

Same vulnerability type (CWE-287)