Kaspersky researchers have found critical vulnerabilities in Cinterion modems. The Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81 and Telit Cinterion PLS62 are all vulnerable to a new code execution vulnerability within the modem’s SUPL message handlers.
By abusing SMS, an attacker could gain unauthorised access to the operating system of the modem and flash the memory or manipulate RAM without needing to authenticate or have physical access to the device.
Further flaws were found in how the devices handle MIDlets, the Java-based applications which run on the modems: by bypassing the digital signature check, unauthorised code could be executed with elevated privileges.
Unfortunately, due to how these modems are typically integrated into networks, with vendors stacking them atop those from another, organising a full list of possibly affected devices can be an issue.
Kaspersky have recommended that non-essential SMS messaging be disabled so that the device cannot receive these messages, and that rigorous digital signature verification be in place for MIDlets to prevent abuse.
Kaspersky have notified the manufacturer of these issues and it is believed that a fix is being planned; however, supply chain issues involving parent and subsidiary companies may make this fix a challenge.