A number of critical vulnerabilities have been found in Telit Cinterion mobile M2M modems, together with the potential for distant arbitrary code execution (RCE) through SMS messages. These modems are utilized in hundreds of thousands of various units and techniques for each the buyer market section (fee terminals, ATMs, vehicles) and numerous industries similar to healthcare, monetary, telecommunications, manufacturing and so forth. We’ll inform you in regards to the detected vulnerabilities and how one can defend your self from them.
Crucial vulnerabilities in Cinterion modems
In whole, Kaspersky ICS-CERT consultants found seven zero-day vulnerabilities in Telit Cinterion modems:
Essentially the most harmful is the primary vulnerability on this record (CVE-2023-47610). Amongst different issues, it permits attackers to govern the modem’s reminiscence and flash drive, finally giving them full management over the system. Moreover, this assault doesn’t require bodily entry to the system or authentication.
Which units have the described vulnerabilities?
All the vulnerabilities talked about above, from CVE-2023-47610 to CVE-2023-47616, have an effect on the next record of mobile IoT modems:
- Cinterion BGS5
- Cinterion EHS5/6/8
- Cinterion PDS5/6/8
- Cinterion ELS61/81
- Cinterion PLS62
Details about the vulnerabilities in these merchandise was communicated upfront to Cinterion, the producer of the modems.
It must be famous that the Cinterion modem line has modified fingers a number of instances. Cinterion firm was acquired by Gemalto in 2010. In 2019, Gemalto was absorbed by Thales. Lastly, in 2023, Thales offered the Cinterion modem line to Telit, leading to Telit Cinterion.
It’s extraordinarily tough at this stage to compile a whole record of finish merchandise affected by these vulnerabilities. Producers not often disclose the part base used of their merchandise, and mobile modem chips are sometimes indirectly built-in into finish units, however are components of different elements. What you find yourself with is multistage nesting – one provider makes use of one other provider’s options of their product, that provider makes use of a 3rd, and so forth down the chain. Because of this, it isn’t straightforward even for the producer of the tip system to find out which chip performs the modem capabilities.
Within the close to future, our consultants plan to publish an in depth technical report on the safety of Telit Cinterion modems on the Kaspersky ICS-CERT web site.
We at the moment are speaking with the producers of these merchandise recognized to make use of susceptible modems.
In case you are conscious of such merchandise, please notify us at mailto:ics-cert@kaspersky.com. We’ll attempt to contact the producers and supply them with a modem vulnerability report in order that they will assess the influence of the vulnerabilities on the safety of their merchandise and plan mitigation measures.
Methods to defend your self from the described vulnerabilities
To guard in opposition to probably the most harmful of the found vulnerabilities (CVE-2023-47610), Kaspersky ICS-CERT consultants advocate the next measures:
- Disable SMS supply to affected units (this may be executed by the telecom operator).
- Use a personal entry level title (APN) with strict safety settings.
For the opposite vulnerabilities (from CVE-2023-47611 to CVE-2023-47616), Kaspersky ICS-CERT consultants advise doing the next:
- Implement software signature verification to ban set up of untrusted MIDlets on the system.
- Strictly management bodily entry to the susceptible units.
- Set up updates and carry out common safety audits.
