Cybersecurity experts have reported a series of serious vulnerabilities in Cinterion cellular modems, which could be exploited by malicious actors to gain unauthorized access to sensitive data and execute arbitrary code. These vulnerabilities pose significant risks to vital communication infrastructures, as well as to Internet of Things (IoT) devices that are critical in industries such as healthcare, finance, automotive, and telecommunications.
Kaspersky identified eight notable flaws, the most critical of which is a buffer overflow vulnerability tracked as CVE-2023-47610. This flaw, which carries a CVSS score of 8.1, allows an unauthenticated remote attacker to execute arbitrary code on affected systems through specially crafted SMS messages. Such weaknesses not only enable unauthorized code execution but also grant elevated privileges under certain circumstances, with potentially severe impact on the integrity of interconnected systems.
The Cinterion modems in question were originally developed by Gemalto and are now part of Telit, following its acquisition of Thales. Kaspersky ICS CERT formally disclosed the vulnerabilities during a presentation at OffensiveCon in Berlin, held on May 11. Security researchers Sergey Anufrienko and Alexander Kozlov are credited with identifying these risks, which highlight crucial flaws in how the modems handle MIDlets, the Java-based applications that run on them.
Kaspersky emphasizes that these vulnerabilities map to many different adversary tactics in the MITRE ATT&CK framework: initial access through SMS messaging, privilege escalation by exploiting improper privilege management, and data exfiltration via file access vulnerabilities could all apply. Furthermore, attackers could manipulate the modem's memory without needing direct access or authentication.
Given the complexity associated with the integration of these modems into various solutions—often layered like a matryoshka doll—identifying specific products at risk proves challenging. Evgeny Goncharov, head of Kaspersky ICS CERT, noted the difficulty in outlining affected machines due to the nature of their deployment.
Organizations using these modem technologies should consider implementing several security measures as a precaution. Recommendations include disabling unnecessary SMS functionalities, utilizing private Access Point Names (APNs) for enhanced security, and enforcing stringent physical security protocols to protect devices from unauthorized access. Regular security audits and system updates are also critical in reducing the risk of exploitation.
Kaspersky has also named the vulnerable models, which include the Cinterion BGS5, EHS5/6/7, PDS5/6/8, ELS61/81, and PLS62. The firm explains that while these devices serve specific functions, their use of low-level programming languages complicates the development of safety features that could have mitigated these vulnerabilities.
As the landscape of cybersecurity evolves, businesses must remain vigilant in addressing potential threats and safeguarding their infrastructures. The communication regarding these vulnerabilities serves as a reminder of the continuous efforts necessary to enhance the resilience of connected devices against increasingly sophisticated attacks.
The Hacker News has contacted Telit for additional details regarding the vulnerabilities and will update the information as more details become available. This serves as an imperative for businesses to stay informed and proactive in their cybersecurity strategies.