CVE-2023-35830

Published Jun 29, 2023

Last updated a year ago

CVSS critical 9.8

Overview

Description: STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity Module DeploymentPackage_v3.03r0-Impala and DeploymentPackage_v3.04r2-Jellyfish and TCG-4lite Connectivity Module DeploymentPackage_v3.04r2-Jellyfish allow an attacker to gain full remote access with root privileges without the need for authentication, giving an attacker arbitrary remote code execution over LTE / 4G network via SMS.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:stw-mobile-machines:tcg-4_firmware:3.01r1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9AFBF793-6B08-4D93-A6C3-310217A53423"
          },
          {
            "criteria": "cpe:2.3:o:stw-mobile-machines:tcg-4_firmware:3.02r0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "516BE3EC-957D-4227-A7E9-FD27878C248E"
          },
          {
            "criteria": "cpe:2.3:o:stw-mobile-machines:tcg-4_firmware:3.03r0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B7C2981-3322-4141-8EE3-53C544DAB147"
          },
          {
            "criteria": "cpe:2.3:o:stw-mobile-machines:tcg-4_firmware:3.04r2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EDD8DEB6-12B8-4333-B5AE-0DC56B438335"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:stw-mobile-machines:tcg-4:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C423C3BB-8E62-4DF8-91E7-FCE8D946C4BB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:stw-mobile-machines:tcg-4lite_firmware:3.04r2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A240F0A-9C36-4E51-B65B-A2307AC56761"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:stw-mobile-machines:tcg-4lite:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "431ACC05-E1AB-4D7E-A838-D797589BAF8B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References