April 23, 2020

CISA has updated this advisory with additional details on the affected products and mitigation measures. Read the advisory at CISA.

August 20, 2019

The NCCIC has updated this advisory with additionally information on mitigating measures. Read the advisory at CISA.

May 2, 2019

The NCCIC has published an advisory on OS command injection, use of hard-coded credentials, unrestricted upload of file with dangerous type, cross-site scripting, cross-site request forgery, information exposure, and missing encryption of sensitive data vulnerabilities in Sierra Wireless AirLink ALEOS. Numerous products and versions of these products are affected. Successful exploitation of these vulnerabilities could allow attackers to remotely execute code, discover user credentials, upload files, or discover file paths. Sierra Wireless recommends users upgrade to the latest version of ALEOS. The NCCIC also provides a series of recommendations for addressing the vulnerabilities. Read the advisory at NCCIC/ICS-CERT.