CVE-2023-6248
Data leakage and arbitrary remote code execution in Syrus cloud devices
- Public Exploits: 0
- Exploited in Wild: -
Description
The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code on any Syrus4 device connected to the cloud service. The MQTT server also leaks the location, video and diagnostic data from each connected device. An attacker who knows the IP address of the server is able to connect and perform the following operations:
- Get location data of the vehicle the device is connected to
- Send CAN bus messages via the ECU module (https://syrus.digitalcomtech.com/docs/ecu-1)
- Immobilize the vehicle via the safe-immobilizer module (https://syrus.digitalcomtech.com/docs/system-tools#safe-immobilization)
- Get live video through the connected video camera
- Send audio messages to the driver (https://syrus.digitalcomtech.com/docs/system-tools#apx-tts)
SSVC
- Decision: Attend
Timeline
- 2023-11-21 CVE Reserved
- 2023-11-21 CVE Published
- 2024-10-17 CVE Updated
- 2025-02-25 EPSS Updated
- Exploited in Wild: no date recorded
- KEV Due Date: no date recorded
- First Exploit: no date recorded
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-287: Improper Authentication
- CWE-319: Cleartext Transmission of Sensitive Information
CAPEC
- CAPEC-116: Excavation
- CAPEC-175: Code Inclusion
References (1)
URL | Tag | Source
---|---|---
https://www.digitalcomtech.com/product/syrus-4g-iot-telematics-gateway | Product | -
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Digitalcomtech | Syrus 4g Iot Telematics Gateway Firmware | apex-23.43.2 | - | Affected
in: Digitalcomtech | Syrus 4g Iot Telematics Gateway | - | - | Safe