A patch has been issued for the flaw in a widely-used Cinterion module, a small electronic device embedded in IoT devices that connects to wireless networks. The flaw could be exploited to steal confidential information, take control of devices, gain access to control networks and more. The vulnerability (CVE-2020-15858) was first discovered last September, and Thales issued a fix in early 2020 while patches are available, researchers warn that it will take a while for many critical-infrastructure manufacturers to apply them.
Source: https://threatpost.com/flaw-affecting-millions-iot-devices/158472/