Vulnerabilities In Cinterion Cellular Modems Threatened IoT And Industrial Devices

Researchers found numerous security vulnerabilities in Cinterion cellular modems; exploiting them would threaten millions of devices. Since no active patches currently exist for the flaws, the researchers recommend applying the suggested mitigations to reduce the risk.

Numerous Vulnerabilities Caught In Cinterion Cellular Modems

Researchers from Kaspersky discovered eight different vulnerabilities in Telit Cinterion cellular modems. Given the extensive use of these modules in the industrial sector, researchers fear that the vulnerabilities pose a severe threat to industrial networks and IoT devices.

According to the separate advisories from Kaspersky, the vulnerabilities include:

  • CVE-2023-47610 (CVSS 8.1): This is the most severe of all the vulnerabilities. The researchers describe it as a heap overflow vulnerability in the modems’ SUPL message handlers. Exploiting this flaw requires an unauthenticated adversary to send a maliciously crafted SMS to the target system. The attacker may then execute arbitrary code on the target for any malicious purpose, such as gaining persistent access to the device, manipulating RAM and flash memory, and taking complete control of the target modem.
  • CVE-2023-47611 (CVSS 7.3): This vulnerability existed due to improper privilege management, allowing a local attacker to gain manufacturer-level privileges on the target modem.
  • CVE-2023-47612 (CVSS 6.8): An attacker with physical access to the target device could access, read, or write any files and directories.
  • CVE-2023-47613 (CVSS 4.4): A low-privileged attacker could exploit this path traversal vulnerability to escape the virtual directory and gain read/write access to protected files.
  • CVE-2023-47614 (CVSS 3.3): An information disclosure vulnerability that exposed hidden paths and file names to an unauthorized attacker.
  • CVE-2023-47615 (CVSS 3.3): Another information disclosure vulnerability that exposed sensitive data through environment variables to an unauthorized low-privileged attacker.
  • CVE-2023-47616 (CVSS 3.3): An unauthorized attacker could access sensitive information via physical access to the target system.

These vulnerabilities affect the modems Cinterion BGS5, Cinterion EHS5/6/8, Cinterion PDS5/6/8, Cinterion ELS61/81, and Cinterion PLS62. For now, the exact number of devices using the vulnerable modems remains unclear. Nonetheless, the researchers have communicated the matter to the vendors known for using these modems.

Recommended Mitigations

As a general mitigation for CVE-2023-47610, the researchers advise telecom operators to disable SMS delivery to vulnerable devices and to use a private access point name (APN). For the other vulnerabilities, the researchers advise restricting physical access to vulnerable systems, applying app signature verification to prevent installation of untrusted MIDlets, and keeping the systems up to date with the latest security fixes.

The researchers presented their findings at OffensiveCon in Berlin. In the future, they will elaborate on these findings in a white paper.
