The US Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory on a critical security vulnerability affecting INEA ME RTU remote terminal units. The vulnerability is tracked as CVE-2023-2131.
The issue was reported to CISA by Floris Hendriks, a security researcher at Radboud University. CISA also recommends that critical infrastructure organizations secure their supply chains by reviewing the Federal Communications Commission's Covered List of communications equipment considered a national security risk.
The agency further urges organizations to use the NIST guidance on identifying, assessing, and mitigating supply chain risks, and to enroll in CISA's free Vulnerability Scanning service to identify vulnerable and high-risk devices.
This blog post covers this critical RCE vulnerability in ME RTU in detail, how to fix CVE-2023-2131 by following the steps recommended by INEA, and why it is important to fix it.
ME RTU is a communication unit that connects a control center to field devices over a mobile network. It has a built-in 4G LTE modem that provides reliable communication between the remote site and the control center. It also offers serial and USB ports (for example for a radio modem) and implements open-standard protocols so that systems and devices from different manufacturers can interoperate.
The features of ME RTU include:
It supports DNP3 connectivity with DNP3 slave Level 2
It enables Ethernet and Serial connectivity via USB to RS232 converter
It provides IEC 60870-5-101/104 connectivity with IEC 60870-5-101/104 slave support and an IEC 60870-5-104 master to IEC 60870-5-104 slave gateway.
It supports IEC 61850 connectivity with an IEC 61850 client to IEC 60870-5-104 slave gateway.
It offers PLC iQ-F/Q/L series connectivity, SMS messaging, time synchronization, integrated I/Os, online PLC programming and monitoring, communication channels such as Ethernet, cellular network, and USB host, file transfer via FTP and SFTP, PPP for serial/USB modem connections, and IT functionality such as DNS, DDNS, SNMP, and HTTP.
The unit also provides VPN functionality for secure communications.
Beyond these features, the vendor cites several operational advantages: more effective control is said to give around 10% lower energy consumption and about 15% less congestion on remote devices, and remote control a reduction of about 20% in management costs. The product is aimed at controlling and managing remote systems such as aqueducts, transformer stations, pipelines, road tunnels, switching stations, and wastewater treatment plants.
Vendor: INEA
Vulnerability type: OS Command Injection
CVSS v3 base score: 10.0 (Critical)
CVSS v3 vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2023-2131 is a critical vulnerability in affected INEA ME RTU firmware versions. It is an OS command injection flaw in the device firmware: user-controlled input reaches a shell command without proper validation. Successful exploitation could allow a remote, unauthenticated attacker (the vector is AV:N/PR:N) to execute arbitrary commands on the device's operating system, and the changed scope (S:C) reflects that a compromised RTU can be used to reach the field devices and networks behind it.
Organizations using INEA ME RTU devices are advised to mitigate the vulnerability immediately to prevent potential attacks.
This vulnerability affects all versions of ME RTU before 3.36. The affected releases include 2.17, 2.21, 2.23, 2.25, 2.29, 2.33, 2.35, and 3.35. Because every one of these versions is affected by this critical security vulnerability, we recommend reviewing how to fix CVE-2023-2131 in the section below.
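To make the bug class concrete, here is an added example that is not INEA's firmware code: a hypothetical "ping diagnostic" handler of the kind found in device web interfaces, first in the vulnerable shape (the host parameter is interpolated into a shell string) and then hardened (strict validation of the parameter plus an argv list with no shell). The endpoint, parameter names and sample inputs are assumptions for illustration; nothing here describes the actual ME RTU code path.

```python
"""OS command injection: vulnerable pattern beside a hardened one.

Constructed example (not INEA code). The 'ping diagnostic' handler is
hypothetical; the pattern shown is the bug class CVE-2023-2131 belongs to.
"""
import ipaddress
import re
import subprocess
from typing import List


# --- Vulnerable: user input becomes part of a shell command line -------------
def build_ping_command_vulnerable(host: str) -> str:
    # Whatever the caller sends (including ';', '|', '`', '$(...)') is
    # handed to /bin/sh unchanged once this string is run with shell=True.
    return f"ping -c 1 {host}"


def run_vulnerable(host: str) -> str:
    # shell=True is what turns the string above into arbitrary command execution
    return subprocess.run(build_ping_command_vulnerable(host), shell=True,
                          capture_output=True, text=True, timeout=5).stdout


# --- Hardened: allow-list the parameter and never involve a shell ------------
# RFC 1123 hostname: labels of 1-63 alphanumerics/hyphens, no leading/trailing hyphen.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def validate_host(host: str) -> str:
    """Accept only an IPv4/IPv6 literal or an RFC 1123 hostname; reject everything else."""
    try:
        return str(ipaddress.ip_address(host))      # normalises e.g. '010.0.0.1' rejection
    except ValueError:
        pass
    if _HOSTNAME_RE.match(host):
        return host
    raise ValueError(f"rejected host parameter: {host!r}")


def build_ping_command_hardened(host: str) -> List[str]:
    # argv list: each element is one argument, so shell metacharacters are inert.
    # Validation also guarantees the value cannot start with '-' and be parsed as a flag.
    return ["ping", "-c", "1", validate_host(host)]


def run_hardened(host: str) -> str:
    return subprocess.run(build_ping_command_hardened(host), shell=False,
                          capture_output=True, text=True, timeout=5).stdout


if __name__ == "__main__":
    # Constructed inputs; only the command lines are shown, nothing is executed here.
    for candidate in ["10.0.0.1", "rtu-01.example.net", "10.0.0.1; cat /etc/passwd", "$(id)"]:
        print("vulnerable :", build_ping_command_vulnerable(candidate))
        try:
            print("hardened   :", build_ping_command_hardened(candidate))
        except ValueError as exc:
            print("hardened   :", exc)
```

The fix is two independent layers: the allow-list rejects anything that is not a host, and passing an argument vector with `shell=False` means that even a validation bypass cannot reach a shell parser. Escaping the input for the shell (for example with `shlex.quote`) is a weaker substitute for the second layer, not for the first.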
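As an added example (not from INEA or CISA), the following script shows how to triage an asset inventory against the 3.36 fix threshold. The inventory rows are constructed, and the column names, the "internet_exposed" flag and the priority scheme are assumptions; the one thing taken from the advisory is that firmware below 3.36 is affected and that the flaw is reachable by an unauthenticated network attacker, which is why an internet-reachable unit is ranked first.

```python
"""Flag ME RTU units running firmware below the fixed 3.36 release.

Added example with a constructed inventory; version strings are assumed
to be dotted numerics such as '3.35', as listed on this page.
"""
import csv
import io
from typing import Dict, List, Tuple

FIXED_VERSION = "3.36"   # first release that addresses CVE-2023-2131


def parse_version(v: str) -> Tuple[int, ...]:
    # '3.36' -> (3, 36). Plain string comparison would rank '3.5' above '3.36',
    # so compare numeric components instead.
    return tuple(int(part) for part in v.strip().lstrip("vV").split("."))


def is_vulnerable(version: str) -> bool:
    return parse_version(version) < parse_version(FIXED_VERSION)


# Constructed inventory (hypothetical names, RFC 5737 documentation addresses).
INVENTORY_CSV = """\
name,ip,product,firmware,internet_exposed
rtu-pump-01,10.20.1.11,INEA ME RTU,3.35,no
rtu-tunnel-02,10.20.1.12,INEA ME RTU,3.36,no
rtu-substation-07,203.0.113.40,INEA ME RTU,2.29,yes
plc-main,10.20.1.50,Other PLC,1.4,no
"""


def triage(csv_text: str) -> List[Dict[str, str]]:
    """Return affected ME RTU units, internet-exposed ones first."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["product"] != "INEA ME RTU" or not is_vulnerable(row["firmware"]):
            continue
        exposed = row["internet_exposed"].strip().lower() == "yes"
        # Unauthenticated, network-reachable RCE: exposure to the internet is the deciding factor.
        findings.append({
            "name": row["name"],
            "ip": row["ip"],
            "firmware": row["firmware"],
            "priority": "P1" if exposed else "P2",
            "action": (f"upgrade to {FIXED_VERSION} or later"
                       + ("; remove internet exposure now" if exposed else "")),
        })
    return sorted(findings, key=lambda f: f["priority"])


if __name__ == "__main__":
    for finding in triage(INVENTORY_CSV):
        print(f'{finding["priority"]} {finding["name"]:<20} {finding["ip"]:<15} '
              f'{finding["firmware"]:<6} {finding["action"]}')
```

The version parser is the part worth getting right: inventories that sort firmware strings lexically will report a unit on a hypothetical 3.5 as newer than 3.36 and miss it.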
INEA recommends that users upgrade ME RTU to the latest firmware (ME RTU 3.36 or later) to fix CVE-2023-2131, the critical RCE vulnerability in ME RTU. Until the upgrade is applied, and as defense in depth afterwards, there are further measures that reduce the exploitation risk.
The Cybersecurity and Infrastructure Security Agency (CISA) recommends that users take the following defensive measures to mitigate the risk of exploitation of this vulnerability.
Specifically, users should minimize network exposure for all control system devices and ensure they are not accessible from the internet.
Control system networks and remote devices should be located behind firewalls and isolated from business networks.
When remote access is required, users should use secure methods such as Virtual Private Networks (VPNs), recognizing that VPNs can have vulnerabilities of their own and must be kept updated to the current version.
Organizations should perform a proper impact analysis and risk assessment before deploying defensive measures.
For more on recommended security practices, visit the ICS webpage at cisa.gov/ics. It provides details on several CISA products and cyber defense best practices that you can read and download, along with additional mitigation guidance and recommended practices in the form of a technical information paper.
CVE-2023-2131 is a critical remote code execution vulnerability in ME RTU remote terminal units that can allow an attacker to take full control of the affected device. Organizations using these devices should take immediate action to fix this vulnerability and prevent unauthorized access to their systems and sensitive data.
Organizations should also ensure that their network infrastructure is secured with measures such as firewalls, intrusion detection and prevention systems, and access controls to prevent unauthorized access to their systems.
Moreover, it is advisable to conduct regular security assessments and penetration testing to identify and mitigate potential vulnerabilities before attackers can exploit them. This helps organizations stay ahead of emerging threats and protect their systems and sensitive data from cyber-attacks.
We hope this post helped you understand how to fix CVE-2023-2131, a critical RCE vulnerability in ME RTU. Please share this post and help to secure the digital world. Visit our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram, and subscribe to receive updates like this.
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.