Cyber Resilience

CVE-2023-6248

CriticalRCE

Published: 21 November 2023

Published
21 November 2023
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0168 82.6th percentile
Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-6248 is a critical-severity Code Injection (CWE-94) vulnerability in Digitalcomtech Syrus 4G Iot Telematics Gateway Firmware. Its CVSS base score is 10.0 (Critical).

Operationally, ranked in the top 17.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code on any Syrus4 device connected to the cloud service. The MQTT server also leaks the location, video…

more

and diagnostic data from each connected device. An attacker who knows the IP address of the server is able to connect and perform the following operations: * Get location data of the vehicle the device is connected to * Send CAN bus messages via the ECU module ( https://syrus.digitalcomtech.com/docs/ecu-1 https://syrus.digitalcomtech.com/docs/ecu-1 ) * Immobilize the vehicle via the safe-immobilizer module ( https://syrus.digitalcomtech.com/docs/system-tools#safe-immobilization https://syrus.digitalcomtech.com/docs/system-tools#safe-immobilization ) * Get live video through the connected video camera * Send audio messages to the driver ( https://syrus.digitalcomtech.com/docs/system-tools#apx-tts https://syrus.digitalcomtech.com/docs/system-tools#apx-tts )

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

digitalcomtech
syrus 4g iot telematics gateway firmware
apex-23.43.2

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Wireless link protection (encryption, directional transmission, etc.) directly prevents unauthorized actors from observing transmitted data.

addresses: CWE-200 CWE-287

Literacy training teaches users to recognize and avoid actions that result in unauthorized exposure of sensitive information.

addresses: CWE-287 CWE-319

Training on authentication mechanisms and best practices decreases the occurrence of improper authentication.

addresses: CWE-200 CWE-287

Session auditing enables detection of unauthorized exposure or access to sensitive information during user activities.

addresses: CWE-200 CWE-287

Audit record review and analysis can detect unauthorized exposure or access to sensitive information.

addresses: CWE-287 CWE-319

Mandating documentation of security requirements for exchanges includes specifying and enforcing authentication mechanisms between systems.

addresses: CWE-287 CWE-200

Penetration testing probes authentication mechanisms for bypasses, allowing identification and fixing of improper authentication issues.

addresses: CWE-200 CWE-319

A data action map identifies locations where sensitive information may be exposed to unauthorized actors during processing or transfer.

References