Cybersecurity researchers have uncovered multiple severe vulnerabilities in Cinterion cellular modems, posing significant risks to various industries. Initially developed by Gemalto and later acquired by Telit from Thales, these modems are foundational to industrial, healthcare, automotive, financial, and telecommunications sectors. The most critical flaw, CVE-2023-47610, is a heap overflow vulnerability that allows remote attackers to execute arbitrary code via specially crafted SMS messages. Other vulnerabilities include improper privilege management, exposure of sensitive information, and relative path traversal, each posing distinct risks ranging from unauthorized data access to privilege escalation.
The findings were presented at OffensiveCon in Berlin on May 11, 2024, highlighting the potential for these flaws to be exploited without physical access or authentication. Researchers Sergey Anufrienko and Alexander Kozlov, credited with discovering these vulnerabilities, emphasized the complexity of identifying all affected products due to the modems’ integration within other solutions. Kaspersky ICS CERT formally revealed the flaws in a series of advisories published on November 8, 2023, underscoring the urgency for affected organizations to take preventive measures.
To mitigate these risks, organizations are advised to disable non-essential SMS messaging capabilities, use private Access Point Names (APNs), control physical access to devices, and conduct regular security audits and updates. These steps are crucial in protecting against potential exploitation of these vulnerabilities, which could lead to significant disruptions and data breaches across critical sectors. The Hacker News has reached out to Telit for further information, and updates will be provided as they become available.
Given the severity of these vulnerabilities, it is imperative for businesses and organizations relying on Cinterion cellular modems to act swiftly. Enhancing security protocols and maintaining vigilance against potential threats can help mitigate the impact of these critical flaws. The discovery serves as a stark reminder of the evolving nature of cyber threats and the need for robust cybersecurity measures in safeguarding essential communication networks and IoT devices.