ICSA-23-341-06 · Published 2023-12-07 · View on CISA ICS-CERT ↗

Sierra Wireless AirLink with ALEOS firmware

CVSS 8.1 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution to take full control of the device, steal credentials through a cross site scripting attack, or crash the device being accessed through a denial-of-service attack.

CVEs (7)

CVE-2023-40458 CVE-2023-40459 CVE-2023-40460 CVE-2023-40461 CVE-2023-40462 CVE-2023-40463 CVE-2023-40464

Remediations

Sierra Wireless has released the following software fixes and recommends users update their devices:
AirLink ALEOS firmware: Version 4.9.9
AirLink ALEOS firmware: Version 4.17.0
For more information, please see Sierra Wireless' security advisory.

Affected Vendors

Sierra Wireless

Affected Products (2)

Sierra Wireless · AirLink ALEOS firmware <4.9.9

Sierra Wireless · AirLink ALEOS firmware <4.17.0

Affected Sectors

Commercial Facilities, Communications, Emergency Services, Energy, Government Facilities, Transportation Systems, Water and Wastewater Systems

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more