Widely used Telit Cinterion modems open to SMS takeover attacks
Security flaws in Telit Cinterion cellular modems, widely used in sectors including industrial, healthcare, and telecommunications, could allow remote attackers to execute arbitrary code via SMS. A set of eight separate issues, seven of them with identifiers CVE-2023-47610 through CVE-2023-47616 and another that has yet to be registered, were disclosed last November by security researchers at Kaspersky's ICS CERT division.
On Saturday, at the OffensiveCon conference in Berlin, Alexander Kozlov and Sergey Anufrienko will be providing low-level technical details about the security issues and how a threat actor could exploit them to take control of vulnerable Telit Cinterion devices.
By sending specially crafted SMS messages, attackers could trigger the flaw and execute arbitrary code remotely on the modem without requiring authentication.
In a report shared with BleepingComputer, the researchers say that the SMS messaging interface is present on all modems and that accessing it is possible if the subscriber number of the target modem in the cellular operator's network is known.
"The vulnerabilities we found, coupled with the widespread deployment of these devices in various sectors, highlight the potential for extensive global disruption," says Evgeny Goncharov, head of Kaspersky ICS CERT. Goncharov notes that because the modems are embedded in other solutions, it is a challenge to determine which products are impacted.
One strategy is to disable SMS sending to impacted devices and to use a securely configured private APN. Kaspersky also recommends enforcing application signature verification to prevent the installation of untrusted MIDlets on the modem and taking measures to prevent unauthorized physical access to the devices.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-09 | CVE-2023-47610 | Classic Buffer Overflow vulnerability in Telit products. A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion EHS5/6/8 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message. | 9.8 |
2023-11-09 | CVE-2023-47616 | Unspecified vulnerability in Telit products. A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to get access to sensitive data on the targeted system. | 4.6 |