CVE-2023-35830
📋 TL;DR
This critical vulnerability in STW TCG-4 and TCG-4lite connectivity modules allows unauthenticated attackers to gain full root access via SMS over LTE/4G networks. Attackers can execute arbitrary remote code, completely compromising affected devices. Organizations using these industrial connectivity modules in mobile machinery are at risk.
💻 Affected Systems
- STW TCG-4 Connectivity Module
- STW TCG-4lite Connectivity Module
📦 What is this software?
Tcg 4 Firmware by Stw Mobile Machines
Tcg 4 Firmware by Stw Mobile Machines
Tcg 4 Firmware by Stw Mobile Machines
Tcg 4 Firmware by Stw Mobile Machines
Tcg 4lite Firmware by Stw Mobile Machines
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of industrial systems, allowing attackers to disable safety systems, manipulate operational data, or cause physical damage to connected machinery.
Likely Case
Remote takeover of connectivity modules to establish persistent access, exfiltrate sensitive operational data, or use as foothold into industrial networks.
If Mitigated
Limited impact if devices are isolated from critical systems and SMS functionality is disabled or monitored.
🎯 Exploit Status
Exploitation requires only SMS access to the device's cellular interface, making it accessible to any attacker with the phone number.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: DeploymentPackage_v3.04r3-Jellyfish and later
Vendor Advisory: https://www.stw-mobile-machines.com/psirt/
Restart Required: Yes
Instructions:
1. Download updated deployment package from STW support portal. 2. Backup current configuration. 3. Apply new firmware via STW deployment tools. 4. Verify successful update and restore configuration if needed.
🔧 Temporary Workarounds
Disable SMS functionality
allRemove or disable SMS capabilities on affected modules to prevent exploitation vector
Configure via STW management interface: set sms_enabled = false
Network segmentation
allIsolate affected modules from critical systems using firewalls and VLANs
🧯 If You Can't Patch
- Implement strict network segmentation to isolate affected modules from critical systems
- Deploy SMS filtering/gateway solutions to block malicious SMS messages
🔍 How to Verify
Check if Vulnerable:
Check deployment package version in STW management interface or via SSH: cat /etc/versionCheck Version:
cat /etc/version || grep -i version /etc/*releaseVerify Fix Applied:
Verify version shows DeploymentPackage_v3.04r3-Jellyfish or later, and test SMS functionality is properly secured📡 Detection & Monitoring
Log Indicators:
- Unexpected SMS message processing
- Unauthorized root access attempts
- Unusual process execution from SMS handlers
Network Indicators:
- SMS traffic to module followed by unexpected outbound connections
- Unusual network activity from module
SIEM Query:
source="stw_module" AND (event="sms_received" OR event="root_login")