Analysis Summary

Millions of devices across various industries are at risk of compromise due to several vulnerabilities in cellular modem technology from Telit. These Cinterion modems are used by numerous vendors to enable communication in IoT devices like industrial equipment, smart meters, and medical devices.

The most critical vulnerability (CVE-2023-47610) allows attackers to remotely execute malicious code on affected devices simply by sending an SMS message. This could grant attackers complete control over the device's functions, potentially compromising data integrity and disrupting critical operations in sectors like healthcare, telecommunications, and transportation.

The security firm that discovered the vulnerabilities recommends disabling SMS functionalities on vulnerable devices and using private access points with strong security settings. Additionally, telecom vendors can play a role by implementing network-level controls to prevent malicious SMS messages from reaching vulnerable devices.

While Telit has issued patches for some of the vulnerabilities, not all have been addressed. The researchers reported the issues last November to allow Telit time to inform customers. The delay in full disclosure aimed to ensure users had time to implement mitigation measures before attackers could exploit the flaws.

This incident highlights the growing problem of IoT vulnerabilities. Attacks targeting these devices, especially in critical infrastructure settings, are on the rise. The lack of timely patching by vendors further exacerbates the issue. It is crucial for organizations using IoT devices to stay updated on vulnerabilities and implement appropriate security measures to minimize risks.

Impact

• Remote Code Execution
• Operational Disruption
• Exposure of Sensitive Data
• Unauthorized Access

Indicators of Compromise

CVE

• CVE-2023-47610

Affected Vendors

Affected Products

• Telit Cinterion BGS5
• Telit Cinterion EHS5
• Telit Cinterion EHS6
• Telit Cinterion EHS8
• Telit Cinterion PDS5
• Telit Cinterion PDS6
• Telit Cinterion PDS8
• Telit Cinterion ELS61
• Telit Cinterion ELS81
• Telit Cinterion PLS62

Remediation

• Refer to the Telit Website for patch, upgrade, or suggested workaround information.
• Immediately deactivate SMS capabilities on affected IoT devices to prevent exploitation of the critical vulnerability.
• Utilize private access points with robust security configurations to restrict unauthorized access to vulnerable devices.
• Engage with telecom vendors to implement filtering mechanisms at the network level, blocking potentially malicious SMS messages before they reach vulnerable IoT devices.
• Promptly apply available patches and updates for all identified vulnerabilities.
• Regularly assess IoT device security through audits and vulnerability scans to identify and mitigate risks promptly.
• Provide training and awareness sessions for staff on IoT security best practices, emphasizing the importance of timely updates and proactive security measures.
• Formulate and implement a robust IoT security strategy encompassing defense-in-depth principles, including network segmentation, device hardening, and continuous monitoring.
• Establish a clear incident response plan outlining steps to address potential IoT security breaches swiftly and effectively.
• Participate in industry collaboration initiatives to share threat intelligence, best practices, and lessons learned in IoT security to enhance overall resilience.