Sierra Wireless AirLink Raven XE and XT

Plan PatchCVSS 10ICS-CERT ICSA-17-115-02Apr 25, 2017

Sierra Wireless

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Sierra Wireless AirLink Raven XE and XT contain multiple authentication and authorization flaws (CWE-285, CWE-352, CWE-522) that allow unauthenticated remote attackers to execute arbitrary commands with root privileges. The affected products lack proper input validation and session management. All versions of AirLink Raven XT (below 4.0.11) and AirLink Raven XE (below 4.0.14) are vulnerable. The vulnerabilities require only network access and can be exploited with publicly available tools. No vendor patch is currently available.

What this means

What could happen

An attacker with network access to the AirLink gateway could bypass authentication and execute arbitrary commands, potentially disrupting network connectivity, modifying device settings, or accessing sensitive operational data on connected networks.

Who's at risk

This affects utilities and municipalities using Sierra Wireless AirLink Raven gateways for remote management of SCADA systems, cell tower backhaul, or other critical network infrastructure. Impacts any organization relying on these industrial routers for remote site connectivity.

How it could be exploited

An attacker on the network (or internet if the device is port-forwarded) sends crafted requests directly to the AirLink web interface on port 80/443, exploiting the authentication bypass to gain administrative access and execute system commands with root privileges.

Prerequisites

Network access to AirLink gateway (port 80 or 443)
No authentication required
Device must be reachable from the attacker's network location

Remotely exploitableNo authentication requiredLow attack complexityPublic exploits availableNo patch availableCVSS 10.0 (critical)

Exploitability

Some exploitation risk — EPSS score 7.7%

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

AirLink Raven XT: all< 4.0.11No fix (EOL)

AirLink Raven XE: all< 4.0.14No fix (EOL)

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDImmediately restrict network access to the AirLink gateway. Block inbound connections to ports 80 and 443 from untrusted networks using a firewall or network ACL. Only allow connections from authorized management workstations and control system networks.

HARDENINGIsolate AirLink Raven XT and XE devices on a dedicated, segmented network with strict inbound/outbound access controls. Do not allow direct internet access or exposure to untrusted networks.

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXIf your AirLink Raven XT is running firmware < 4.0.11 or Raven XE is running < 4.0.14, contact Sierra Wireless for updated firmware. Verify availability of fixes and plan a maintenance window to upgrade. Note: As of this advisory, no fix has been released; follow Sierra Wireless security updates closely.

Mitigations - no patch available

0/2

The following products have reached End of Life with no planned fix: AirLink Raven XT: all, AirLink Raven XE: all. Apply the following compensating controls:

HARDENINGMonitor AirLink gateway access logs for unauthorized login attempts or unfamiliar administrative sessions. Alert on repeated failed authentication or successful logins from unknown IP addresses.

HARDENINGEvaluate whether the AirLink gateway is necessary in your environment. If it is no longer in use or can be replaced with a newer model, plan decommissioning or replacement as a long-term solution.

CVEs (3)

CVE-2017-6044 CVE-2017-6042 CVE-2017-6046

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/5d18feeb-5be7-423a-a34f-742b686cb1bd

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.