Critical vulnerabilities in Telit Cinterion cellular modems used in industrial IoT devices have been uncovered by researchers from Kaspersky’s ICS CERT division.


The most severe vulnerability [2] [3], known as CVE-2023-47610 [6], allows threat actors to remotely gain root access without authentication [6], enabling arbitrary code execution via SMS with knowledge of the target modem’s subscriber number [6]. Additionally, a heap overflow flaw in these modems permits remote code execution through SMS messages. Telit has released patches to address these vulnerabilities, but the widespread use of these modems across various sectors poses a global disruption risk [6]. Evgeny Goncharov [5] [6] [8], head of Kaspersky ICS CERT [6] [8], has warned of the potential for global disruption due to the severity of these vulnerabilities. Recommendations to mitigate these risks include disabling nonessential SMS messaging capabilities, enforcing digital signature verification for MIDlets [5] [7], implementing network-level controls to prevent the delivery of malicious SMS messages [4], and utilizing endpoint security solutions and industrial cybersecurity measures [7]. Collaborative efforts between telecom operators and affected entities are crucial to implementing these mitigation measures effectively [2]. Organizations are advised to implement private APNs, control physical device access [1] [3], and conduct regular security audits and updates to protect against potential attacks. These vulnerabilities are particularly concerning for industries relying on IoT technology, such as healthcare and telecommunications.


The critical vulnerabilities in Telit Cinterion cellular modems highlight the importance of implementing robust cybersecurity measures in industrial IoT devices. Organizations must take proactive steps to mitigate risks, collaborate with stakeholders, and stay vigilant against potential threats to safeguard their operations and data.