A series of vulnerabilities has been found in Telit Cinterion cellular modems, which are commonly used in sectors such as industrial, healthcare, and telecommunications.
These vulnerabilities, identified as CVE-2023-47610 through CVE-2023-47616, were disclosed by Kaspersky's ICS CERT. The most severe, a heap overflow vulnerability (CVE-2023-47610), allows remote code execution via specially crafted SMS messages, enabling attackers to potentially take complete control of the modem's functionalities without needing physical access or authentication.
Kaspersky has issued recommendations for mitigation, including disabling SMS to affected devices and enforcing application signature verification.