TTCSIRT-341.08.24.20: TT-CSIRT ADVISORY – Vulnerability in Thales Product

IBM researchers have discovered a new IoT vulnerability that can be exploited remotely. The manufacturer, Thales, has made a patch available for CVE-2020-15858 to customers and X-Force Red has been working together to ensure users are aware of the patch and taking steps to secure their systems.

Thales confirmed that this vulnerability affects other modules within the same product line of the EHS8 (BGS5, EHS5/6/8, PDS5/6/8, ELS61, ELS81, PLS62), further expanding the potential impact of this vulnerability. These modules are mini circuit boards that enable mobile communication in IoT devices.

The potential impact of this vulnerability varies based on which of the devices using this line of modules attackers may compromise. It’s understood that there are millions of devices around the world using this module, across the automotive, medical, energy and telecom industries.

For further information and support, please visit the following link: 
https://securityintelligence.com/posts/new-vulnerability-could-put-iot-devices-at-risk/

If you have any queries or comments with regards to this advisory, please feel free to contact TTCSIRT via contacts@ttcsirt.gov.tt