The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an Industrial Control Systems (ICS) advisory about a critical flaw affecting ME RTU remote terminal units.

The security vulnerability, tracked as CVE-2023-2131, has received the highest severity rating of 10.0 on the CVSS scoring system for its low attack complexity.

"Successful exploitation of this vulnerability could allow remote code execution," CISA said, describing it as a case of command injection affecting versions of INEA ME RTU firmware prior to version 3.36.

Security researcher Floris Hendriks of Radboud University has been credited with reporting the issue to CISA.

Also published by CISA is an alert related to multiple known security holes in Intel(R) processors impacting Factory Automation (FA) products from Mitsubishi Electric that could result in privilege escalation and a denial-of-service (DoS) condition.