Critical Infrastructure Security, Vulnerability Management, Endpoint/Device Security

Flaws found in popular Telit cellular modems

Women hand using smartphone typing, chatting conversation in chat box icons pop up. Social media maketing technology concept.Vintage soft color tone background.

Security researchers at Kaspersky's ICS CERT division revealed critical vulnerabilities in Telit Cinterion cellular modems, which are popularly used in the industrial, healthcare, and telecommunications sectors, BleepingComputer reports.

The flaws include a heap overflow issue designated as CVE-2023-47610 that could enable remote code execution via SMS, with NIST rating its severity as 9.8 out of 10. Attackers can exploit this flaw to execute arbitrary code remotely without authentication, posing serious risks to device integrity and network security. The seven other discovered vulnerabilities and one that's not yet been registered have received a lower severity score but can still be exploited to compromise the integrity of MIDlets. The group's research focused on the Cinterion EHS5-E series modem, but the vulnerabilities also affect the Cinterion BGS5, Cinterion EHS5/6/7, Cinterion PDS5/6/8, Cinterion ELS61/81, and the Cinterion PLS62 due to having similar hardware and software.

While Telit has addressed some vulnerabilities, others remain unpatched, leaving devices susceptible to exploitation. Mitigation strategies offered by Kaspersky include disabling SMS sending, enforcing application signature verification, and securing physical access to devices.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.