Millions of Thales Wireless IoT Modules Vulnerable to Attack – RTInsights
IBM’s X-Force Red team has revealed a vulnerability in millions of Thales Wireless IoT modules that could put devices like insulin pumps and smart meters at risk. The vulnerability, CVE-2020-15858, was found last year in Thales’ Cinterion EHS8 M2M modules. It was also found in related products, including the BGS5, EHS5/6/8, PDS5/6/8, ELS61, ELS81, and PLS62 modules. The modules can be found in IoT devices used by a number of industries including healthcare, telecommunications, energy, and automotive. IBM refrained from announcing their discovery until Thales had produced a patched and fixed as many devices as they could.