CISA warns of OS Command Injection vulnerability in INEA ME RTU hardware

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory about an OS Command Injection vulnerability in INEA ME RTU equipment, which is used in the energy, water and wastewater, and transportation sectors to manage remote systems. The vulnerability could allow remote code execution and affects firmware versions prior to 3.36. CISA has recommended defensive measures to minimize the risk of exploitation, such as updating to version 3.36 or later, minimizing network exposure, and using secure methods for remote access. The issue highlights the growing concern around security vulnerabilities in operational technology (OT), with CISA releasing 121 advisories so far this year.

Source: https://industrialcyber.co/cisa/cisa-warns-of-os-command-injection-vulnerability-in-inea-me-rtu-hardware/