Vulnerability Details : CVE-2023-6248
The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code on any Syrus4 device connected to the cloud service. The MQTT server also leaks the location, video and diagnostic data from each connected device. An attacker who knows the IP address of the server is able to connect and perform the following operations:
* Get location data of the vehicle the device is connected to
* Send CAN bus messages via the ECU module ( https://syrus.digitalcomtech.com/docs/ecu-1 https://syrus.digitalcomtech.com/docs/ecu-1 )
* Immobilize the vehicle via the safe-immobilizer module ( https://syrus.digitalcomtech.com/docs/system-tools#safe-immobilization https://syrus.digitalcomtech.com/docs/system-tools#safe-immobilization )
* Get live video through the connected video camera
* Send audio messages to the driver ( https://syrus.digitalcomtech.com/docs/system-tools#apx-tts https://syrus.digitalcomtech.com/docs/system-tools#apx-tts )
Published
2023-11-21 22:15:09
Updated
2023-12-04 15:05:22
Vulnerability category: Execute codeBypassGain privilegeInformation leak
Products affected by CVE-2023-6248
- cpe:2.3:o:digitalcomtech:syrus_4g_iot_telematics_gateway_firmware:apex-23.43.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-6248
0.28%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 68 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-6248
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
3.9
|
6.0
|
Automotive Security Research Group (ASRG) | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2023-6248
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: cve@asrg.io (Secondary)
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: cve@asrg.io (Secondary)
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: cve@asrg.io (Secondary)
-
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.Assigned by: cve@asrg.io (Secondary)
References for CVE-2023-6248
-
https://www.digitalcomtech.com/product/syrus-4g-iot-telematics-gateway/
Syrus 4G IoT Telematics Gateway - Digital Communications TechnologiesProduct
Jump to