Modem Mayhem: Critical Flaws in Cinterion Cellular Modems Expose Vast Networks to Hacker Hijinks

Hold onto your modems, folks! Cinterion’s got more holes than Swiss cheese, with a buffet of vulnerabilities that could let hackers waltz right into your sensitive data like they own the place. Call the cybersecurity cavalry! 🚨💻 #ModemMayhem

Hot Take:

Who knew SMS could stand for “Seriously Malicious Stuff”? In the cyber realm, it appears that Cinterion cellular modems have been caught with their digital pants down, showcasing a buffet of vulnerabilities that could give hackers a VIP pass to the information highway. With the ability to send a text and pwn a system, one can only imagine the chaos if our modems start ghostwriting our tweets. Oh, the humanity!

Key Points:

  • A tech horror story: Cinterion modems’ multiple vulnerabilities could turn them into hacker playgrounds.
  • Remote control via SMS: The scariest flaw (CVE-2023-47610) lets attackers execute arbitrary code from afar.
  • Privilege party: Attackers could boost their access levels and frolic around systems like they own the place.
  • MIDlets gone wild: Java-based apps could be tricked into bypassing security checks, leading to unauthorized code execution.
  • Layered like an onion: These modems are in everything, making the ripple effect of these flaws a true cyber whodunit.

Cve id: CVE-2023-47612
Cve state: PUBLISHED
Cve assigner short name: Kaspersky
Cve date updated: 11/09/2023
Cve description: A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to obtain a read/write access to any files and directories on the targeted system, including hidden files and directories.

Cve id: CVE-2023-47614
Cve state: PUBLISHED
Cve assigner short name: Kaspersky
Cve date updated: 11/10/2023
Cve description: A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to disclose hidden virtual paths and file names on the targeted system.

Cve id: CVE-2023-47610
Cve state: PUBLISHED
Cve assigner short name: Kaspersky
Cve date updated: 11/09/2023
Cve description: A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message.

Cve id: CVE-2023-47615
Cve state: PUBLISHED
Cve assigner short name: Kaspersky
Cve date updated: 11/09/2023
Cve description: A CWE-526: Exposure of Sensitive Information Through Environmental Variables vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to get access to a sensitive data on the targeted system.

Cve id: CVE-2023-47616
Cve state: PUBLISHED
Cve assigner short name: Kaspersky
Cve date updated: 11/09/2023
Cve description: A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to get access to a sensitive data on the targeted system.

Cve id: CVE-2023-47613
Cve state: PUBLISHED
Cve assigner short name: Kaspersky
Cve date updated: 11/09/2023
Cve description: A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to escape from virtual directories and get read/write access to protected files on the targeted system.

Cve id: CVE-2023-47611
Cve state: PUBLISHED
Cve assigner short name: Kaspersky
Cve date updated: 11/10/2023
Cve description: A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to "manufacturer" level on the targeted system.

Need to know more?

When Texting Turns Treacherous

Imagine sending a text and, instead of emoji reactions, you trigger a code execution. That's the reality with CVE-2023-47610, a flaw that's less about "LOL" and more about "OMG, my infrastructure!" Hackers could potentially turn your modem into their own personal marionette, and you wouldn't even get a notification.

Stepping Up Without Permission

Next up, we've got the privilege escalation flaw, CVE-2023-47611. It's like someone sneaking into a concert and then finding their way backstage to party with the band. Except here, the band is your sensitive data, and the party involves copying, altering, or deleting it while you're none the wiser.

Java Jive and the Signature Shuffle

Java might be great for your morning kick, but when it comes to MIDlets in your modem, it's a different story. These apps could go off-script, skipping over the VIP list (aka digital signature checks) and running unauthorized code with all the privileges of a rockstar—or in this case, a top-level system user.

It's a Small World After All

These modems are like nesting dolls, tucked inside other tech across various industries. Good luck playing cyber detective to trace the full impact of these flaws. As Evgeny Goncharov from Kaspersky puts it, unraveling this digital matryoshka is no walk in the park.

Defensive Measures or Digital Duck and Cover?

While the tech world waits for Telit to spill the beans on how to fix this mess, the recommended steps sound like a digital duck and cover: Disable those SMS features unless you want to risk a hacker's "text bomb," keep your devices locked up tighter than Fort Knox, and get your systems checked out more often than a hypochondriac.

In the meantime, The Hacker News is on the case, reaching out to Telit for the juicy details. Stay tuned for updates, and maybe keep your modem on a short leash. Who knew that in today's world, "Don't text and drive" would also apply to managing your IoT devices?

Tags: Buffer Overflow Vulnerability, Cinterion cellular modems, CVE-2023-47610, IoT Security, Kaspersky ICS CERT, privilege escalation, Remote Code Execution