Remote Code Execution Vulnerability in STW TCG-4 Connectivity Module
CVE-2023-35830

9.8CRITICAL

Key Information:

Vendor: Stw-mobile-machines
Status: Tcg-4 Firmware
Vendor: CVE Published:; 29 June 2023

🔔 Create Stw-mobile-machines Vulnerability Alert

What is CVE-2023-35830?

The STW TCG-4 Connectivity Modules are susceptible to a vulnerability that allows attackers to gain full remote access with root privileges without the need for authentication. This flaw can be exploited over LTE/4G networks using SMS, enabling attackers to execute arbitrary code remotely, thereby compromising the integrity and security of connected systems.

References

https://www.stw-mobile-machines.com/fileadmin/user_upload...

https://www.stw-mobile-machines.com/psirt/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 29, 2023
Vulnerability Reserved
Jun 18, 2023

CVE-2023-35830 Data

JSON