Cybersecurity researchers have disclosed multiple security flaws in Cinterion cellular modems that could be potentially exploited by threat actors to access sensitive information and achieve code execution.
“These vulnerabilities include critical flaws that permit remote code execution and unauthorized privilege escalation, posing substantial risks to integral communication networks and IoT devices foundational to industrial, healthcare, automotive, financial and telecommunications sectors,” Kaspersky said.
Cinterion modems were originally developed by Gemalto before the business was acquired by Telit from Thales as part of a deal announced in July 2022.
The findings were presented at the OffensiveCon held in Berlin on May 11. The list of eight flaws is as follows –
The most severe of the weaknesses is CVE-2023-47610, a heap overflow vulnerability in the modem that enables remote attackers to execute arbitrary code via SMS messages.
Furthermore, the access could be weaponized to manipulate RAM and flash memory, thereby allowing the attackers to exert more control of the modem without authentication or requiring physical access.
The remaining vulnerabilities stem from security lapses in the handling of MIDlets, which refer to Java-based applications running within the modems. They could be abused to bypass digital signature checks and allow unauthorized code execution with elevated privileges.
Security researchers Sergey Anufrienko and Alexander Kozlov have been credited with discovering and reporting the flaws, which were formally revealed by Kaspersky ICS CERT in a series of advisories published on November 8, 2023.
“Since the modems are typically integrated in a matryoshka-style within other solutions, with products from one vendor stacked atop those from another, compiling a list of affected end products is challenging,” Evgeny Goncharov, head of Kaspersky ICS CERT, said.
To mitigate potential threats, organizations are recommended to disable non-essential SMS messaging capabilities, employ private Access Point Names (APNs), control physical access to devices, and conduct regular security audits and updates.
The Hacker News has reached out to Telit for more information on the flaws, and we will update the story once we hear back.
