Kaspersky researchers have recognized a number of safety vulnerabilities in Cinterion mobile modems, which may doubtlessly be exploited by risk actors to entry delicate data and execute arbitrary code.
These vulnerabilities pose vital dangers to important communication networks and IoT gadgets throughout numerous sectors, together with industrial, healthcare, automotive, monetary, and telecommunications.
Probably the most extreme vulnerability, CVE-2023-47610 (CVSS rating: 8.1), is a heap overflow flaw that permits distant attackers to execute arbitrary code by sending a specifically crafted SMS message. This entry could possibly be additional exploited to govern RAM and flash reminiscence, granting attackers extra management over the modem with out requiring authentication or bodily entry.
Different vulnerabilities found by Kaspersky stem from safety lapses in dealing with MIDlets, Java-based functions operating throughout the modems. These flaws could possibly be abused to bypass digital signature checks and permit unauthorized code execution with elevated privileges.
Cinterion modems, initially developed by Gemalto, grew to become a part of Telit after its acquisition from Thales in a deal introduced in July 2022. These findings have been unveiled throughout OffensiveCon in Berlin on Might 11, 2024. The complete listing of vulnerabilities disclosed by Kaspersky consists of:
- CVE-2023-47610 (CVSS rating: 8.1)
- CVE-2023-47611 (CVSS rating: 7.8)
- CVE-2023-47612 (CVSS rating: 6.8)
- CVE-2023-47613 (CVSS rating: 4.4)
- CVE-2023-47614 (CVSS rating: 3.3)
- CVE-2023-47615 (CVSS rating: 3.3)
- CVE-2023-47616 (CVSS rating: 2.4)
Jason Soroko, Senior Vice President of Product at Sectigo, emphasised the significance of those findings, stating, “Cinterion built-in modems are used within the provide chain of many IoT gadgets to permit knowledge entry by mobile communication and the vulnerabilities which can be being reported are largely about flaws in reminiscence administration that would result in unauthorized code execution, not only for attackers within the bodily possession of the machine.“
“There’s additionally a distant assault potential through a rigorously crafted SMS message. These are the very best precedence vulnerabilities that organizations and safety groups want to pay attention to,“ he warned.
As Cinterion modems are extensively utilized in IoT gadgets throughout numerous industries, organizations and safety groups should concentrate on these vulnerabilities and take vital measures to mitigate the dangers related to them.
Kaspersky’s findings present the significance of strong safety practices and common vulnerability assessments in making certain the protection and integrity of important communication networks and IoT gadgets.
RELATED TOPICS
- Vulnerability Uncovered Ibis Price range Visitor Room Codes to Hackers
- “LeakyCLI” Vulnerability Leaks AWS and Google Cloud Credentials
- LiteSpeed Cache Plugin Vulnerability Impacts 1.8M WordPress Websites
- TheMoon Malware Returns: 6,000 Asus Routers Hacked in 72 Hours
- New GEOBOX Device Hijacks Raspberry Pi, Lets Hackers Pretend Location