Sierra Wireless Discontinues Gateway

Tuesday, January 7, 2014 @ 06:01 PM gHale

There are multiple vulnerabilities in the Sierra Wireless AirLink Raven X EV-DO application, according to a report on ICS-CERT.

As a result, Sierra Wireless discontinued the AirLink Raven X EV-DO and recommends customers use GX400, GX440, or LS300 as replacements that mitigate these remotely exploitable vulnerabilities.

RELATED STORIES
NovaTech DNP3 Vulnerability
Siemens COMOS Privilege Escalation
Cooper Ends Server after Finding Bug
Cooper Power Fixes SMP Gateway Bug

The following Sierra Wireless versions suffer from the issue: AirLink Raven X EV-DO Versions V4221_4.0.11.003 and V4228_4.0.11.003. A researcher at Cimation discovered the vulnerabilities.

These vulnerabilities allow an attacker to remotely reprogram the firmware on the device. After reprogramming the firmware, an attacker can affect functionality of the application, including system shutdown.

Sierra Wireless is a Canadian company that maintains offices in several countries around the world, including the United States, France, and China.

AirLink Raven X EV-DO, is a gateway that provides connectivity to industrial, enterprise, and transportation organizations around the world. AirLink Raven X EV-DO sees use across the energy and transportation systems sectors, according to Sierra Wireless. Sierra Wireless said these products ended up used primarily in Canada, the United States, and Europe.

The AirLink Raven X EV-DO does not use encryption in the update and reprogramming process. By using the passwords and user names stored in plain text, an attacker could reprogram the firmware. This could allow the attacker to affect the availability of the firmware.

CVE-2013-2819 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 9.3.

The AirLink Raven X EV-DO is vulnerable to replay attacks that bypass authentication. By sending a series of crafted packets to Port 17336/UDP and Port 17388/UDP, an attacker could reprogram the device’s firmware image. This could allow the attacker to affect the availability of the firmware.

CVE-2013-2820 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 10.

No known public exploits specifically target these vulnerabilities, however, an attacker with a low skill would be able to exploit these vulnerabilities.

Sierra Wireless discontinued the AirLink Raven X EV-DO and recommends customers use GX400, GX440, or LS300 as replacements that mitigate these vulnerabilities. Click here for additional information and downloads.

Sierra Wireless recommends the following steps to mitigate this vulnerability:
• Do not perform firmware updates over the LAN or over the air. If device firmware needs to be updated, this should be done by directly attaching a PC running the firmware update tool to the device via an Ethernet cable. We are investigating methods to perform secure firmware updates remotely, and will provide information on this method when available.
• Disable over-the-air programming of the device. See the ALEOS 4.0.11 Configuration User Guidepage 162 for details on how to disable over-the-air programming.
• Regular periodic updates to device passwords are recommended as a general network security practice. See the ALEOS 4.0.11 Configuration User Guide page 161 for details on how to change the device password.
• For high-security applications such as critical infrastructure monitoring, Sierra Wireless advises customers to deploy cellular devices using a Private Cellular Network or VPN to reduce the risk of an attacker capturing data transferred to/from the device.



Leave a Reply

You must be logged in to post a comment.