Kaspersky's ICS CERT team discovered critical vulnerabilities in Cinterion cellular modems, which are widely used in millions of devices crucial for global connectivity. These vulnerabilities allow remote attackers to execute arbitrary code and escalate privileges, posing significant risks to industrial, healthcare, automotive, financial, and telecommunications sectors. The most concerning vulnerability, CVE-2023-47610, enables attackers to execute code via SMS, gaining full control over the modem's functionalities without authentication. Additionally, there are security lapses in handling MIDlets, Java-based applications, that could compromise data confidentiality and integrity. Kaspersky recommends disabling nonessential SMS messaging, using private APNs with strict security settings, enforcing digital signature verification for MIDlets, controlling physical access to devices, and conducting regular security audits and updates.

https://usa.kaspersky.com/about/press-releases/2024_kaspersky-identifies-significant-security-risks-in-widely-used-cinterion-modems

#cybersecurity #cinterion #vulnerabilities #kaspersky #icscert #cve #sms #apn