Severe Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various Industries

 

Cybersecurity experts have uncovered several security vulnerabilities in Cinterion cellular modems that could potentially be exploited by malicious actors to gain access to sensitive information and execute code.

Kaspersky highlighted these vulnerabilities and emphasized their critical nature: they allow remote code execution and unauthorized privilege escalation. This poses significant risks to communication networks and IoT devices used across various sectors such as industrial, healthcare, automotive, financial, and telecommunications.

The affected Cinterion modems were originally developed by Gemalto and were later acquired by Telit from Thales.

The identified vulnerabilities include:

  1. CVE-2023-47610: A buffer overflow vulnerability allowing remote attackers to execute arbitrary code via SMS messages.
  2. CVE-2023-47611: Improper privilege management vulnerability enabling local attackers to elevate privileges.
  3. CVE-2023-47612: Vulnerability granting physical attackers read/write access to files and directories on the system.
  4. CVE-2023-47613: Relative path traversal vulnerability allowing local attackers to access protected files.
  5. CVE-2023-47614: Exposure of sensitive information vulnerability disclosing hidden virtual paths and file names.
  6. CVE-2023-47615: Exposure of sensitive information through environmental variables, leading to unauthorized access.
  7. CVE-2023-47616: Exposure of sensitive information vulnerability granting physical attackers access to sensitive data.

The most severe vulnerability, CVE-2023-47610, is a heap overflow that enables remote execution of arbitrary code via SMS messages. This flaw can be leveraged to manipulate RAM and flash memory, granting attackers more control over the modem without authentication or physical access.

The remaining vulnerabilities stem from security lapses in the handling of MIDlets, the Java-based applications that run on the modems. These lapses can be exploited to bypass digital signature checks and execute unauthorized code with elevated privileges.

The flaws were discovered and reported by security researchers Sergey Anufrienko and Alexander Kozlov, with Kaspersky ICS CERT formally revealing them in advisories on November 8, 2023.

Because the modems are integrated into many different solutions, identifying affected end products is difficult, so organizations are advised to take proactive measures. Recommendations include disabling non-essential SMS messaging, implementing private Access Point Names (APNs), controlling physical device access, and conducting regular security audits and updates.

The Hacker News has reached out to Telit for further information on the flaws, and updates will be provided as soon as available.

Source: thehackernews.com

Peter Tolan is a Junior Content Editor for the HIPTHER network.