What are the security concerns with Sierra OT/IoT routers?

Security researchers have reported 21 vulnerabilities in Sierra OT/IoT routers, posing significant threats to critical infrastructures. These vulnerabilities include remote code execution, unauthorized access, cross-site scripting, authentication bypass, and denial of service attacks.

What are the most critical vulnerabilities identified?

The most critical vulnerabilities include CVE-2023-41101 and CVE-2023-38316 (Remote Code Execution in OpenNDS), CVE-2023-40463 and CVE-2023-40464 (Unauthorized Access in ALEOS), and CVE-2023-40461, CVE-2023-40458, CVE-2023-40459, CVE-2023-40462, and CVE-2023-40460 (Cross Site Scripting and Denial of Service in ACEmanager).

How many Sierra Wireless AirLink routers are exposed online?

Over 86,000 AirLink routers are exposed online in critical sectors, mainly in the U.S., with many still vulnerable to previously disclosed attacks or default SSL certificate issues.

Advisory

Researchers repot multiple severe vulnerabilities in Sierra equipment that impacts IOT infrastructure

Q: Which devices are affected by these vulnerabilities?

The vulnerabilities affect Sierra Wireless AirLink cellular routers, widely used in industrial and mission-critical applications, and open-source components like TinyXML and OpenNDS (open Network Demarcation Service).

Q: What remediation measures are recommended for these vulnerabilities?

Forescout advises upgrading to ALEOS version 4.17.0, changing default SSL certificates, disabling non-essential services, and implementing a web application firewall and OT/IoT-aware IDS. Note that TinyXML, also impacted, is abandonware and will not receive fixes.

published: Dec. 6, 2023

Take action: If you are using Sierra equipment, check that they are running in isolated APN/network - not accessible on the public 4G/5G network or internet. Then disable unnecessary services and start patching. Too many of these routers are exposed on the internet, and they will be hacked.

Learn More

Security researchers report 21 vulnerabilities affecting Sierra OT/IoT routers, posing serious threats to critical infrastructures. The vulnerabilities enable remote code execution, unauthorized access, cross-site scripting, authentication bypass, and denial of service attacks.

The affected devices are Sierra Wireless AirLink cellular routers, widely used in industrial and mission-critical applications, as well as open-source components like TinyXML and OpenNDS (open Network Demarcation Service).

The most critical vulnerabilities are:

CVE-2023-41101 (Remote Code Execution in OpenNDS – critical severity score of 9.6)
CVE-2023-38316 (Remote Code Execution in OpenNDS – high severity score of 8.8)
CVE-2023-40463 (Unauthorized Access in ALEOS – high severity score of 8.1)
CVE-2023-40464 (Unauthorized Access in ALEOS – high severity score of 8.1)
CVE-2023-40461 (Cross Site Scripting in ACEmanager – high severity score of 8.1)
CVE-2023-40458 (Denial of Service in ACEmanager – high severity score of 7.5)
CVE-2023-40459 (Denial of Service in ACEmanager – high severity score of 7.5)
CVE-2023-40462 (Denial of Service in ACEmanager related to TinyXML – high severity score of 7.5)
CVE-2023-40460 (Cross Site Scripting in ACEmanager – high severity score of 7.1)

Many of these flaws can be exploited without authentication, raising significant security concerns. Exploiting these vulnerabilities could allow attackers full control of routers, leading to network disruptions, espionage, and malware deployment.

A Shodan search revealed over 86,000 AirLink routers exposed online in critical sectors, with a majority in the U.S., and many still vulnerable to previously disclosed attacks or default SSL certificate issues.

To mitigate these risks, researchers advise upgrading to ALEOS version 4.17.0, which patches these vulnerabilities, and taking additional protective measures such as changing default SSL certificates, disabling non-essential services, and implementing a web application firewall and OT/IoT-aware IDS.

TinyXML, also impacted, is abandonware and will not receive fixes.

Researchers repot multiple severe vulnerabilities in Sierra equipment that impacts IOT infrastructure

Read More
Pixmeo patches multiple flaws in OsiriX MD medical …
Critical authentication bypass flaw reported in Instantel Micromate …
Unitronics Vision Series VisiLogic Software vulnerable due to …
Weintek EasyBuilder Pro reports critical vulnerability
Rockwell Automation FactoryTalk reports critical vulnerability