Connect with us

Hi, what are you looking for?



Critical Flaw in Inea ICS Product Exposes Industrial Organizations to Remote Attacks

Critical vulnerability found in Inea RTU can be exploited to remotely hack devices and cause disruption in industrial organizations.

ICS Ransomware

A critical vulnerability found in a remote terminal unit (RTU) made by Slovenia-based industrial automation company Inea can expose industrial organizations to remote hacker attacks.

The existence of the vulnerability came to light last week, when the US Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to inform organizations. The vendor has released a firmware update that patches the issue.

The security hole, tracked as CVE-2023-2131 with a CVSS score of 10, impacts Inea ME RTUs running firmware versions prior to 3.36. This OS command injection bug could allow remote code execution, CISA said.

The impacted product provides a data interface between remote field devices and the control center through a cellular network. According to CISA, the product is used worldwide in industries such as energy, transportation, and water and wastewater.

The vulnerability was discovered and responsibly disclosed by Floris Hendriks, a researcher who is working on getting his master’s degree in cybersecurity at the Radboud University in the Netherlands.

Hendriks found the vulnerability as part of a bigger research project into the security of ICS remote management devices. He and another researcher from Radboud University were recently credited by CISA for serious flaws found in Contec and Control By Web products. 

As part of this project, Hendriks has developed a method for discovering devices using the Censys search engine. Once devices are identified online, their firmware is analyzed for vulnerabilities. 

The researcher told SecurityWeek that the Inea RTU vulnerability can be exploited without authentication directly from the internet. He has identified a couple of internet-exposed devices. 

Advertisement. Scroll to continue reading.

“The exploit can be run from the public internet, the attacker does not have to be on the local network,” Hendriks explained.

Learn More at SecurityWeek’s ICS Cyber Security Conference
The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.
ICS Cybersecurity Conference
October 23-26, 2023 | Atlanta

Exploitation of CVE-2023-2131 can result in the attacker gaining root privileges on the targeted RTU, which gives them complete control of the device. The potential impact in a real world scenario depends on what the RTU is used for, but the flaw could allow an attacker to cause disruption.

“It is an RTU, which means that it is a device that sits between the SCADA and the instrumentation devices,” he explained. “As you can control the RTU, you can change both the input and outputs. It depends on what the organization uses the RTU for, but if it is used to, for example, open/close pumps or a water gate then the attacker is able to control that as well.” 

“The attacker is also able to crash the system, which can have an enormous impact on the industrial processes of an organization,” the researcher added. “An attacker can also use it for network pivoting, to get, for example, access to the local network of the organization.”

Related: High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian

Related: Irrigation Systems in Israel Disrupted by Hacker Attacks on ICS

Related: Unpatched Security Flaws Expose Water Pump Controllers to Remote Hacker Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.