TEM Opera Plus FM Family Transmitter

Act Now9.8ICS-CERT ICSA-24-277-01Oct 3, 2024

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The Opera Plus FM Family Transmitter versions up to and including 35.45 contain vulnerabilities related to missing authentication (CWE-306) and missing CSRF protections (CWE-352) that could allow remote code execution. The vendor (TEM) has not provided patches or responsive mitigations.

What this means

What could happen

An attacker with network access to an Opera Plus FM Family Transmitter could execute arbitrary commands on the device, potentially disrupting broadcast operations or compromising the transmitter's control logic and settings.

Who's at risk

FM radio broadcast operators and stations using TEM Opera Plus FM Family Transmitters should treat this as a critical risk. Any facility relying on these transmitters for continuous on-air operation is at risk of disruption or unauthorized control of broadcast parameters.

How it could be exploited

An attacker on the network (or the internet if the transmitter is exposed) sends a malicious request without credentials to the transmitter's control interface. Due to missing authentication and CSRF protections, the request is accepted and commands are executed directly on the transmitter hardware.

Prerequisites

Network access to the Opera Plus FM Family Transmitter on its control port
No valid credentials required

remotely exploitableno authentication requiredlow complexityno patch availablehigh severity (CVSS 9.8)

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (1)

ProductAffected VersionsFix Status

Opera Plus FM Family Transmitter: 35.4535.45No fix (EOL)

Remediation & Mitigation

0/5

Do now

0/3

HARDENINGImmediately remove or air-gap the Opera Plus FM Family Transmitter from all networks if it cannot be protected by other means

HARDENINGIf network connectivity is required, place the transmitter behind a firewall and restrict access to only authorized engineering workstations on a separate, isolated control network

WORKAROUNDIf remote access to the transmitter is necessary, use a VPN or jump server (bastion host) and ensure the VPN/jump server is kept fully patched

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGMonitor network traffic to and from the transmitter for unexpected commands or configuration changes

HOTFIXContact TEM to inquire about available firmware updates or patches, even if not yet publicly listed

CVEs (2)

CVE-2024-41988 CVE-2024-41987

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/cb5fc341-4b3d-40a0-a12b-8ea0ebee5f23