Sierra Wireless AirLink Raven XE and XT

CVSS 10.0 CRITICAL

Risk Summary

ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available.

CVE-2017-6044 CVE-2017-6042 CVE-2017-6046

Sierra Wireless has released new firmware versions to address the forced browsing and cross-site request forgery vulnerabilities. Sierra Wireless reports that the insufficiently protected credentials vulnerability will not be addressed.
Sierra Wireless's Raven XE firmware Version 4.0.14
Sierra Wireless's Raven XT firmware Version 4.0.11
Sierra Wireless has released a Technical Bulletin
For additional information about these vulnerabilities or the recommendations provided, please contact Sierra Wireless' security team at [email protected]

Sierra Wireless

Sierra Wireless · AirLink Raven XT < 4.0.11

Sierra Wireless · AirLink Raven XE < 4.0.14

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.