TEM Opera Plus FM Family Transmitter
Plan Patch | CVSS 9.8 | ICS-CERT ICSA-24-277-01 | Oct 3, 2024
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The Opera Plus FM Family Transmitter contains multiple authentication and authorization vulnerabilities (CWE-306, CWE-352) that allow unauthenticated remote code execution. Successful exploitation could permit an attacker to execute arbitrary commands on affected transmitters, disrupting broadcast operations or modifying transmitter behavior. TEM has not responded to CISA regarding mitigation and has stated no fix will be provided for version 35.45.
What this means
What could happen
An attacker who gains network access to an Opera Plus FM transmitter could execute arbitrary commands on the device, potentially disrupting RF transmission operations or altering transmitter settings and output.
Who's at risk
FM broadcast transmitter operators, radio stations, and telecommunications facilities using TEM Opera Plus FM Family Transmitters are affected. This applies to any facility running these transmitters at version 35.45.
How it could be exploited
An unauthenticated attacker on the network can reach the transmitter's exposed management interface and exploit missing authentication or CSRF protection to inject and execute code on the device.
Prerequisites
- Network reachability to the Opera Plus FM transmitter
- No credentials required for exploitation
remotely exploitable | no authentication required | low complexity | no patch available | high CVSS score (9.8)
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (1)
Product | Affected Versions | Fix Status
Opera Plus FM Family Transmitter: 35.45 | 35.45 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to Opera Plus FM transmitters to authorized management stations only using firewall rules.
WORKAROUND: Monitor network traffic to the transmitters for unexpected management connections and block unauthorized access attempts at the firewall.
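An added example, not part of the advisory and not vendor or CISA tooling, that turns the two workarounds above into one log review: it reads a firewall log export and separates flows to transmitters from non-allowlisted sources into those the firewall allowed (a gap in the restriction rule) and those it denied (attempts to alert on). The transmitter addresses, management-station range, CSV column names and log lines are all constructed assumptions.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumed site values (constructed, RFC 5737 documentation ranges).
TRANSMITTERS = {ip_address("192.0.2.10"), ip_address("192.0.2.11")}
MGMT_STATIONS = [ip_network("198.51.100.16/29")]

# Constructed firewall log export: time, source, destination, dest port, action.
SAMPLE_LOG = """\
time,src,dst,dport,action
2024-10-03T08:00:01Z,198.51.100.18,192.0.2.10,80,allow
2024-10-03T08:02:17Z,203.0.113.45,192.0.2.10,80,deny
2024-10-03T08:05:40Z,198.51.100.77,192.0.2.11,80,allow
2024-10-03T08:06:02Z,198.51.100.18,192.0.2.50,443,allow
2024-10-03T08:09:55Z,not-an-ip,192.0.2.11,80,deny
"""

def review_flows(log_text):
    """Classify flows towards a transmitter whose source is not allowlisted.

    Returns (rule_gaps, blocked_attempts, malformed):
      rule_gaps        - allowed by the firewall: restriction rule missing or too broad
      blocked_attempts - denied by the firewall: alert and trace the source
      malformed        - rows that could not be parsed, kept for manual review
    """
    rule_gaps, blocked_attempts, malformed = [], [], []
    for row in csv.DictReader(io.StringIO(log_text)):
        try:
            src, dst = ip_address(row["src"]), ip_address(row["dst"])
        except ValueError:
            malformed.append(row)  # never silently drop unparseable rows
            continue
        if dst not in TRANSMITTERS:
            continue  # not transmitter traffic
        if any(src in net for net in MGMT_STATIONS):
            continue  # authorized management station
        action = (row["action"] or "").strip().lower()
        (rule_gaps if action == "allow" else blocked_attempts).append(row)
    return rule_gaps, blocked_attempts, malformed

if __name__ == "__main__":
    gaps, blocked, bad = review_flows(SAMPLE_LOG)
    for label, rows in (("RULE GAP", gaps), ("BLOCKED", blocked), ("UNPARSED", bad)):
        for r in rows:
            print(f"{label:9} {r['time']} {r['src']} -> {r['dst']}:{r['dport']}")
```

Any row reported as a rule gap means the firewall restriction is not yet limiting access to the authorized management stations and should be tightened before relying on it.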
Mitigations - no patch available
Opera Plus FM Family Transmitter: 35.45 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Isolate Opera Plus FM transmitters from the business network and the internet; place them on a dedicated, air-gapped operational network.
HARDENING: If remote access to Opera Plus FM transmitters is required, implement VPN with strong authentication to control management traffic.
CVEs (2)