Original release date: July 19, 2022
CISA has released an Industrial Controls Systems Advisory (ICSA) detailing six vulnerabilities that were discovered in MiCODUS MV720 Global Positioning System Tracker. Successful exploitation of these vulnerabilities may allow a remote actor to exploit access and gain control the global positioning system tracker. These vulnerabilities could impact access to a vehicle fuel supply, vehicle control, or allow locational surveillance of vehicles in which the device is installed.
CISA encourages users and technicians to review ICS Advisory ICSA-22-200-01: MiCODUS MV720 GPS Tracker for technical details and mitigations and the Bitsight Report: Critical Vulnerabilities in Widely Used Vehicle GPS Tracker for additional information.