
PatchSiren cyber security CVE debrief

CVE-2024-41987 TEM CVE debrief

A critical cross-site request forgery (CSRF) vulnerability exists in the web application interface of the TEM Opera Plus FM Family Transmitter. The interface does not verify that state-changing requests originate from its own pages, so an attacker can make a user who is authenticated to the device carry out administrative actions simply by getting that user's browser to load an attacker-controlled page. CISA disclosed the vulnerability on October 3, 2024, after TEM did not respond to its requests to coordinate. The affected product is the TEM Opera Plus FM Family Transmitter version 35.45. No patch is currently available from the vendor.

Vendor: TEM
Product: Opera Plus FM Family Transmitter
CVSS: 9.6 (Critical, v3.1)
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-10-03
Original CVE updated: 2024-10-03
Advisory published: 2024-10-03
Advisory updated: 2024-10-03

Who should care

Broadcast engineering teams, critical infrastructure operators using TEM FM transmitters, SOC analysts monitoring industrial control systems, and CISOs responsible for media and telecommunications infrastructure security.

Technical summary

The TEM Opera Plus FM Family Transmitter web application interface does not check that state-changing requests were issued from its own pages, which is the defining condition for CSRF. An attacker hosts a page that makes the visiting browser send a crafted request to the transmitter; if the visitor is an administrator with an active session on the device, the browser attaches that session automatically and the request executes with administrative privileges. Note what this does and does not require: the attacker needs no credentials and no network path of their own to the transmitter, because the administrator's browser delivers the request. What is required is user interaction (the administrator loads the attacker's page, for example via a link in an email) from a browser that can reach the device's web interface. The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H, score 9.6, reflects exactly this: no privileges required, user interaction required, and a changed scope because the attack starts in the victim's browser and lands on the device, with complete confidentiality, integrity, and availability impact on the broadcast transmission system.

Defensive priority

critical

Recommended defensive actions

  • Contact TEM directly for additional information and potential mitigation options
  • Implement network segmentation to isolate affected transmitters from untrusted networks; note that the attack travels through the administrator's browser, so a segmented transmitter remains exposed as long as the workstation that administers it can also browse the wider internet
  • Restrict web interface access to trusted administrative hosts only, ideally dedicated management workstations that are not used for general browsing
  • Place a reverse proxy or web application firewall in front of the interface that rejects state-changing requests (POST, PUT, PATCH, DELETE) whose Origin or Referer header does not name the management interface itself; the device performs no such check of its own
  • Monitor for unauthorized configuration changes on affected devices, including proxy or device access-log entries showing state-changing requests with a missing or foreign Referer
  • Disable remote web interface access if operational requirements permit
  • Apply CISA's ICS recommended practices for defense-in-depth security
  • Train administrative users not to browse untrusted sites from the same browser session used for device administration, and to log out of the device interface when finished
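Added example, not code from TEM, CISA, or PatchSiren: a Python implementation of the Origin/Referer gate that a reverse proxy or WAF placed in front of the interface would enforce (the check the technical summary says the device lacks), plus the same rule applied retrospectively to access-log lines for the monitoring item above. The management origins, hostnames, request paths (/config.cgi, /reboot.cgi) and log lines are all constructed for this example; the device's real endpoints are not documented on this page.

```python
import re
from urllib.parse import urlsplit

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

# Hypothetical management origins for this example; use the hostname(s) and
# address(es) through which operators actually reach the proxy.
ALLOWED_ORIGINS = {"https://tx-mgmt.example.internal", "https://10.10.5.20"}


def origin_of(url):
    """Reduce a URL to lower-cased scheme://host[:port]; None if unparsable."""
    p = urlsplit(url)
    if not p.scheme or not p.netloc:
        return None  # covers "null", "-", and relative references
    return f"{p.scheme}://{p.netloc}".lower()


def csrf_decision(method, headers, allowed=ALLOWED_ORIGINS):
    """Decide whether one request may be forwarded to the transmitter.

    Safe methods pass. A state-changing request must carry an Origin header
    (or, if absent, a Referer) naming an allowed management origin. With
    neither header present the gate fails closed: the device itself offers
    no CSRF defence to fall back on, so ambiguity is resolved by refusing.
    Returns (allowed, reason).
    """
    if method.upper() not in STATE_CHANGING:
        return True, "safe method"
    h = {k.lower(): v for k, v in headers.items()}
    for name in ("origin", "referer"):
        if name in h:
            src = origin_of(h[name])
            if src in allowed:
                return True, f"{name} matches {src}"
            return False, f"{name} {h[name]!r} is not an allowed origin"
    return False, "state-changing request without Origin or Referer"


# Combined log format with referer and user-agent fields.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)


def flag_log_lines(lines, allowed=ALLOWED_ORIGINS):
    """Return state-changing requests whose Referer is missing or foreign.

    Access logs rarely record Origin, so this retrospective check leans on
    Referer alone. A missing Referer ("-") is reported too: it may be a
    legitimate script, but on a device with no CSRF defence it deserves review.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"].upper() not in STATE_CHANGING:
            continue
        ref = m["referer"]
        if origin_of(ref) not in allowed:
            hits.append((m["ts"], m["ip"], m["method"], m["path"], ref))
    return hits


# Constructed sample traffic for this example; hosts and paths are invented.
SAMPLE_REQUESTS = [
    ("GET", {"Host": "tx-mgmt.example.internal"}),
    ("POST", {"Origin": "https://tx-mgmt.example.internal"}),
    ("POST", {"Origin": "https://attacker.example"}),               # classic CSRF
    ("POST", {"Referer": "https://tx-mgmt.example.internal/config"}),
    ("POST", {"Origin": "null"}),                                    # sandboxed iframe / data: URL
    ("POST", {}),                                                    # no provenance at all
]

SAMPLE_LOG = [
    '10.10.5.40 - - [03/Oct/2024:14:02:11 +0000] "GET /status.html HTTP/1.1" 200 1820 "-" "Mozilla/5.0"',
    '10.10.5.40 - - [03/Oct/2024:14:03:05 +0000] "POST /config.cgi HTTP/1.1" 200 512 "https://tx-mgmt.example.internal/config" "Mozilla/5.0"',
    '10.10.5.40 - - [03/Oct/2024:14:09:47 +0000] "POST /config.cgi HTTP/1.1" 200 512 "https://attacker.example/promo.html" "Mozilla/5.0"',
    '10.10.5.41 - - [03/Oct/2024:14:15:30 +0000] "POST /reboot.cgi HTTP/1.1" 200 64 "-" "curl/8.4.0"',
]


def run_samples():
    """Gate verdicts for SAMPLE_REQUESTS, in order."""
    return [csrf_decision(m, h)[0] for m, h in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for (m, h), ok in zip(SAMPLE_REQUESTS, run_samples()):
        print(f"{m:6} {str(h):64} -> {'forward' if ok else 'REJECT'}")
    for hit in flag_log_lines(SAMPLE_LOG):
        print("flagged:", hit)
```

The fail-closed choice matters on this device: a state-changing request with neither header is refused rather than forwarded, because nothing downstream will catch it. The gate does not repair the interface; it only removes the cross-site path while the proxy sits in front, and GET requests are still forwarded, so any state change the device performs on a GET would need a separate rule.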

Evidence notes

CISA's CSAF advisory confirms the vulnerability affects TEM Opera Plus FM Family Transmitter version 35.45, with CVSS 3.1 score of 9.6 (Critical). The advisory states TEM has not responded to requests to work with CISA on mitigation.

Official resources

CISA published advisory ICSA-24-277-01 on October 3, 2024, disclosing this vulnerability after vendor non-response.