Severe Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various Industries


Cybersecurity experts have uncovered several security vulnerabilities in Cinterion cellular modems that could potentially be exploited by malicious actors to gain access to sensitive information and execute code.

Kaspersky highlighted these vulnerabilities, emphasizing their critical nature, which includes the ability for remote code execution and unauthorized privilege escalation. This poses significant risks to communication networks and IoT devices used across various sectors such as industrial, healthcare, automotive, financial, and telecommunications.

Originally developed by Gemalto and later acquired by Telit from Thales, Cinterion modems are at the core of these security concerns.

The identified vulnerabilities include:

  1. CVE-2023-47610: A buffer overflow vulnerability allowing remote attackers to execute arbitrary code via SMS messages.
  2. CVE-2023-47611: Improper privilege management vulnerability enabling local attackers to elevate privileges.
  3. CVE-2023-47612: Vulnerability granting physical attackers read/write access to files and directories on the system.
  4. CVE-2023-47613: Relative path traversal vulnerability allowing local attackers to access protected files.
  5. CVE-2023-47614: Exposure of sensitive information vulnerability disclosing hidden virtual paths and file names.
  6. CVE-2023-47615: Exposure of sensitive information through environmental variables, leading to unauthorized access.
  7. CVE-2023-47616: Exposure of sensitive information vulnerability granting physical attackers access to sensitive data.

The most severe vulnerability, CVE-2023-47610, is a heap overflow that enables remote execution of arbitrary code via SMS messages. This flaw can be leveraged to manipulate RAM and flash memory, granting attackers more control over the modem without authentication or physical access.

The remaining vulnerabilities stem from security lapses in the handling of MIDlets (Java-based applications that run within the modems). These lapses can be exploited to bypass digital signature checks and execute unauthorized code with elevated privileges.

The flaws were discovered and reported by security researchers Sergey Anufrienko and Alexander Kozlov, with Kaspersky ICS CERT formally revealing them in advisories on November 8, 2023.

Because the modems are integrated into various solutions, identifying the affected end products is complex, and organizations are advised to take proactive measures. Recommendations include disabling non-essential SMS messaging, implementing private Access Point Names (APNs), controlling physical device access, and conducting regular security audits and updates.

The Hacker News has reached out to Telit for further information on the flaws, and updates will be provided as soon as available.