PT-2020-14670 · Thales DIS · PDSx +5
Adam Laurie +1 · Published 2020-08-21 · Updated 2024-06-18 · CVE-2020-15858
CVSS v3.1: 6.4 (Medium)
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions
Thales DIS (formerly Gemalto, formerly Cinterion) BGS5 versions up to and including SW RN 02.000 / ARN 01.001.06
Thales DIS (formerly Gemalto, formerly Cinterion) EHSx versions up to and including SW RN 04.003 / ARN 01.000.04
Thales DIS (formerly Gemalto, formerly Cinterion) PDSx versions up to and including SW RN 04.003 / ARN 01.000.04
Thales DIS (formerly Gemalto, formerly Cinterion) ELS61 versions up to and including SW RN 02.002 / ARN 01.000.04
Thales DIS (formerly Gemalto, formerly Cinterion) ELS81 versions up to and including SW RN 05.002 / ARN 01.000.04
Thales DIS (formerly Gemalto, formerly Cinterion) PLS62 versions up to and including SW RN 02.000 / ARN 01.000.04
Description
The directory path access check of the internal flash file system in some Thales DIS devices can be circumvented, allowing directory traversal by physically proximate attackers. This flash file system stores application-specific data and data needed for customer Java applications, TLS, and OTAP functionality. Researchers found seven vulnerabilities, one of which can be exploited remotely, and the set of errors can allow an attacker to fully compromise the modem. By gaining remote control over the modem, researchers were able to access the vehicle's main systems, including engine management, transmission, and braking systems.
Recommendations
For BGS5 versions up to and including SW RN 02.000 / ARN 01.001.06, consider disabling the internal flash file system until a patch is available.
For EHSx versions up to and including SW RN 04.003 / ARN 01.000.04, restrict access to the vulnerable directory path to minimize the risk of exploitation.
For PDSx versions up to and including SW RN 04.003 / ARN 01.000.04, avoid using the vulnerable flash file system until the issue is resolved.
For ELS61 versions up to and including SW RN 02.002 / ARN 01.000.04, consider temporarily disabling the OTAP functionality to prevent exploitation.
For ELS81 versions up to and including SW RN 05.002 / ARN 01.000.04, restrict access to the vulnerable Java applications until a patch is available.
For PLS62 versions up to and including SW RN 02.000 / ARN 01.000.04, consider disabling the TLS functionality until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Path traversal
Affected Products
BGS5
EHSx
ELS61
ELS81
PDSx
PLS62