SecurityWeek

Cinterion Modem Flaws Pose Risk to Millions of Devices in Industrial, Other Sectors

A critical vulnerability in the Cinterion cellular modems can be exploited for remote code execution via SMS messages.

Kaspersky on Friday raised the alarm on a series of vulnerabilities in Cinterion cellular modems that expose millions of devices to remote code execution attacks.

A series of seven security defects identified in the widely deployed modems could lead to information leaks, elevation of privilege, sandbox escape, arbitrary code execution, and unauthorized access to files and directories on the target system.

The most severe of these flaws is CVE-2023-47610 (CVSS score of 9.8), a buffer overflow issue that “could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message.”

According to Kaspersky, the successful exploitation of this bug could provide attackers with “unprecedented access” to devices containing the Cinterion BGS5, Cinterion EHS5/6/8, Cinterion PDS5/6/8, Cinterion ELS61/81, and Cinterion PLS62 modems.

“This access also facilitates the manipulation of RAM and flash memory, increasing the potential to seize complete control over the modem’s functionalities—all without authentication or requiring physical access to the device,” Kaspersky says.

To mitigate the risk posed by this bug, users are advised to disable nonessential SMS messaging capabilities by contacting the mobile operator, and to use a private APN with strict security settings.

The cybersecurity firm also identified vulnerabilities in the handling of Java-based applications called MIDlets that could be exploited to execute code with elevated privileges.

“This flaw poses significant risks not only to data confidentiality and integrity, but it also escalates the threat to broader network security and device integrity,” Kaspersky says.

The issues, tracked as CVE-2023-47611 through CVE-2023-47616, can be mitigated by verifying the digital signature for MIDlets, by strictly controlling physical access to devices, and through regular audits and updates.

Kaspersky reported the flaws to the vendor in February 2023 and published advisories on them in November. Originally developed by Gemalto, the Cinterion modems are now owned by Telit, which acquired the business from Thales last year.

The Cinterion modems are used in various machine-to-machine (M2M) and IoT communications applications, including industrial automation, telematics, smart metering, and healthcare monitoring products.

According to Kaspersky researcher Evgeny Goncharov, the exploitation of these severe flaws could lead to widespread disruptions, given the broad deployment of the vulnerable modems.

“Since the modems are typically integrated in a matryoshka-style within other solutions, with products from one vendor stacked atop those from another, compiling a list of affected end products is challenging. Affected vendors must undertake extensive efforts to manage risks, with mitigation often feasible only on the telecom operators’ side,” Goncharov says.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
