CVE-2023-35830 in TCG-4 Connectivity Module

Summary

by MITRE • 06/29/2023

STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity Module DeploymentPackage_v3.03r0-Impala and DeploymentPackage_v3.04r2-Jellyfish and TCG-4lite Connectivity Module DeploymentPackage_v3.04r2-Jellyfish allow an attacker to gain full remote access with root privileges without the need for authentication, giving an attacker arbitrary remote code execution over LTE / 4G network via SMS.


Analysis

by VulDB Data Team • 01/11/2026

The vulnerability identified as CVE-2023-35830 affects the STW TCG-4 and TCG-4lite connectivity modules, specifically the TCG-4 DeploymentPackage versions v3.03r0-Impala and v3.04r2-Jellyfish and the TCG-4lite DeploymentPackage version v3.04r2-Jellyfish. This is a critical security flaw that allows unauthenticated remote code execution with root privileges over the LTE/4G network via SMS commands. The affected devices are widely used in industrial and IoT environments for remote monitoring and control applications, making this vulnerability particularly concerning for operational technology infrastructure.

The technical flaw stems from insufficient authentication mechanisms and improper input validation within the SMS command processing functionality of these connectivity modules. Attackers can exploit this weakness by sending specially crafted SMS messages to the affected devices, which then execute commands with full administrative privileges. This vulnerability directly maps to CWE-287 (Improper Authentication) and CWE-78 (Improper Neutralization of Special Elements used in OS Commands) as it allows unauthorized users to execute arbitrary commands on the target system. The attack vector operates over the cellular network without requiring any prior authentication credentials, making it particularly dangerous for remote industrial systems.

The operational impact of this vulnerability is severe and multifaceted. Organizations relying on these connectivity modules for critical infrastructure monitoring and control face significant risks including unauthorized system access, data exfiltration, and potential disruption of industrial processes. The ability to execute arbitrary code with root privileges means attackers can install malware, modify system configurations, access sensitive data, or completely compromise the device's functionality. This vulnerability particularly affects sectors such as energy, water management, transportation, and manufacturing where remote monitoring systems are critical for operations. The attack surface is expanded by the fact that these devices are often deployed in remote locations with limited physical security, making them prime targets for remote exploitation.

Mitigation strategies for this vulnerability should include immediate firmware updates from STW to address the authentication and input validation flaws. Organizations must implement network segmentation to isolate these devices from critical systems and consider deploying SMS filtering solutions to prevent unauthorized commands from reaching the affected modules. Network monitoring should be enhanced to detect unusual SMS traffic patterns that might indicate exploitation attempts, such as messages from numbers that are not authorized to manage the device, message bodies that do not match the expected command vocabulary, and bursts of messages to a single device. Additionally, implementing the principle of least privilege and disabling unnecessary services on these devices can help reduce the attack surface. According to the MITRE ATT&CK framework, this vulnerability maps to T1059 (Command and Scripting Interpreter) and T1133 (External Remote Services), as it enables remote code execution through an external cellular communication channel. Organizations should also consider conducting comprehensive security assessments of their industrial control systems to identify similar vulnerabilities in other connected devices.
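The following is an added example of the SMS-traffic monitoring recommended above; it is not code from STW, MITRE or VulDB and it does not model the actual TCG-4 firmware. It assumes a hypothetical SMS gateway log format (timestamp, direction, sender, device, body), a constructed allowlist of management numbers per device, and a constructed command vocabulary. It flags three things a defender would want to see: messages from senders not authorized for a device, message bodies that carry shell metacharacters (the CWE-78 pattern named in the analysis) or fall outside the expected vocabulary, and bursts of messages to one device inside a short window.

```python
"""Detection of anomalous SMS command traffic to cellular IoT gateways (added example)."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample log (hypothetical gateway format): ISO time, direction, sender, device, body.
SAMPLE_LOG = """\
2023-06-20T08:00:01Z IN +491700000001 tcg4-pump-07 STATUS
2023-06-20T08:00:09Z IN +491700000001 tcg4-pump-07 GET TEMP
2023-06-20T08:02:00Z IN +491700000001 tcg4-pump-07 SET INTERVAL 30
2023-06-20T08:03:44Z IN +19999999999 tcg4-pump-07 REBOOT
2023-06-20T08:03:45Z IN +19999999999 tcg4-pump-07 STATUS; id
2023-06-20T08:03:46Z IN +19999999999 tcg4-pump-07 STATUS
2023-06-20T08:03:47Z IN +19999999999 tcg4-pump-07 STATUS
2023-06-20T08:03:48Z IN +19999999999 tcg4-pump-07 STATUS
"""

# Authorized management numbers per device (constructed, hypothetical values).
ALLOWED_SENDERS = {"tcg4-pump-07": {"+491700000001"}}

# Command vocabulary the operator expects the device to accept (hypothetical).
EXPECTED_COMMAND = re.compile(r"^(STATUS|GET [A-Z_]+|SET [A-Z_]+ [A-Za-z0-9.]+)$")
# Shell metacharacters that have no place in a legitimate SMS command.
SHELL_META = re.compile(r"[;&|`$<>\\]")
LINE_RE = re.compile(r"^(?P<ts>\S+) IN (?P<sender>\+\d+) (?P<device>\S+) (?P<body>.*)$")


@dataclass(frozen=True)
class Alert:
    ts: datetime
    sender: str
    device: str
    rule: str
    body: str


def parse_line(line):
    """Return (timestamp, sender, device, body) or None for lines that do not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["sender"], m["device"], m["body"]


def analyze(log_text, allowed=ALLOWED_SENDERS, burst_n=3, burst_window=timedelta(seconds=60)):
    """Run the three detection rules over a log and return the alerts in log order."""
    alerts = []
    recent = defaultdict(deque)  # (sender, device) -> timestamps inside the sliding window
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        ts, sender, device, body = parsed
        # Rule 1: only pre-registered management numbers may talk to a device.
        if sender not in allowed.get(device, set()):
            alerts.append(Alert(ts, sender, device, "unauthorized-sender", body))
        # Rule 2: shell metacharacters first, then anything outside the vocabulary.
        if SHELL_META.search(body):
            alerts.append(Alert(ts, sender, device, "command-injection-pattern", body))
        elif not EXPECTED_COMMAND.match(body):
            alerts.append(Alert(ts, sender, device, "unexpected-command", body))
        # Rule 3: every message at or above burst_n within burst_window is flagged.
        q = recent[(sender, device)]
        q.append(ts)
        while q and ts - q[0] > burst_window:
            q.popleft()
        if len(q) >= burst_n:
            alerts.append(Alert(ts, sender, device, "burst", body))
    return alerts


def summarize(alerts):
    """Count alerts per rule, e.g. for a dashboard or a test."""
    counts = defaultdict(int)
    for a in alerts:
        counts[a.rule] += 1
    return dict(counts)


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG):
        print(a.ts.isoformat(), a.device, a.sender, a.rule, repr(a.body))
    print(summarize(analyze(SAMPLE_LOG)))
```

On the constructed log the three legitimate messages produce no alerts, while the five messages from the unregistered number each trigger the sender rule, the REBOOT line is an unexpected command, the line with a `;` is flagged as a command-injection pattern, and the last three lines cross the burst threshold. In a real deployment the allowlist and vocabulary would come from the device configuration, and the gateway log would be the SMS-C or modem log actually available to the operator.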

Reservation

06/18/2023

Disclosure

06/29/2023

Moderation

accepted

CPE

ready

EPSS

0.01090

KEV

no

Activities

very low

Sources
