ICSA-22-200-01 · Published 2022-09-20 · View on CISA ICS-CERT ↗

MiCODUS MV720 GPS tracker

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker control over any MV720 GPS tracker, granting access to location, routes, fuel cutoff commands, and the disarming of various features (e.g., alarms).

CVEs (5)

CVE-2022-2107 CVE-2022-2141 CVE-2022-2199 CVE-2022-34150 CVE-2022-33944

Remediations

For the web tracking platform: MiCODUS issued an update eliminating loopholes.
For the Android app: Users should update to V2.0.32 or later on Google Play Store.
For the iOS app: Users should update to V2.1.1or later on Apple App store.

Affected Vendors

MiCODUS

Affected Products (1)

MiCODUS · MV720 GPS tracker MV720

Affected Sectors

Transportation Systems, Government Facilities, Financial Services, Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more