ICSA-23-131-08 · Published 2023-05-11 · View on CISA ICS-CERT ↗

Teltonika Remote Management System and RUT Model Routers

CVSS 9.0 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could expose sensitive device information and device credentials, enable remote code execution, expose connected devices managed on the network, and allow impersonation of legitimate devices.

CVEs (8)

CVE-2023-32346 CVE-2023-32347 CVE-2023-32348 CVE-2023-2586 CVE-2023-2587 CVE-2023-2588 CVE-2023-32349 CVE-2023-32350

Remediations

Teltonika recommends users update their devices to the latest versions.
Remote Management System (RMS) services have already been updated to versions, which fix these vulnerabilities.
Users can download the latest version of their respective RUT model routers by navigating to the appropriate device on Teltonika's website.

Affected Vendors

Teltonika

Affected Products (4)

Teltonika · Remote Management System (RMS) <4.10.0

Teltonika · Remote Management System (RMS) <4.14.0

Teltonika · RUT model routers >=00.07.00|<=00.07.03.4

Teltonika · RUT model routers >=00.07.00|<=00.07.03

Affected Sectors

Water and Wastewater, Energy, Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more