Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
12 vulnerabilities found for BGS5 by Telit Cinterion
CVE-2023-47611 (GCVE-0-2023-47611)
Vulnerability from nvd – Published: 2023-11-10 16:38 – Updated: 2024-08-02 21:09
VLAI?
Summary
A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to "manufacturer" level on the targeted system.
Severity ?
7.8 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Telit Cinterion | BGS5 |
Affected:
* , < 2.000 ARN 01.001.08
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Alexander Kozlov from Kaspersky
Sergey Anufrienko from Kaspersky
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:37.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "KLCERT-22-216: Telit Cinterion (Thales/Gemalto) modules. Improper Privilege Management vulnerability",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BGS5",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.000 ARN 01.001.08",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS5-E",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS5-US",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.000",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS5-US Rel.4",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS6",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.000",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS6 Rel.2",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.000 ARN 00.000.20",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS6 Rel.3",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "3.001 ARN 00.000.49",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS6 Rel.4",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS6-A Rel.4",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS8",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "3.011 ARN 00.000.60",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS8 Rel.4",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-AUS",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-AUS Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.004 ARN 00.003.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-AUS Rel.1 MR",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.005 ARN 00.005.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000 ARN 00.030.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E Rel.1 MR",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000 ARN 00.032.02",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E Rel.2",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.000 ARN 01.000.03",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E Rel.2",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.000 ARN 01.000.03",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E2 Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000 ARN 00.026.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E2 Rel.1 MR",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000 ARN 00.032.02",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-US Rel.1 MR",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.01 ARN 00.028.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-US Rel.2",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.012 ARN 01.000.05",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS81-E",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.000",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS81-E Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.000 ARN 01.000.05",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS81-E Rel.1.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "5.001 ARN 01.000.04",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS81-US",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "5.012",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS81-US Rel.1.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "5.012 ARN 01.000.05",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PDS5-E",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "3.001",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PDS5-E Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "3.001 ARN 00.000.32",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PDS5-E Rel.4",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "PDS5-US",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS6",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS8",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "unaffected",
"product": "PLS62-W",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PLS62-W Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.01 ARN 01.000.05",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alexander Kozlov from Kaspersky"
},
{
"lang": "en",
"type": "finder",
"value": "Sergey Anufrienko from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to \"manufacturer\" level on the targeted system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-10T16:38:54.668Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"name": "KLCERT-22-216: Telit Cinterion (Thales/Gemalto) modules. Improper Privilege Management vulnerability",
"tags": [
"third-party-advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/"
}
],
"solutions": [
{
"lang": "en",
"value": "Telit Cinterion has released firmware updates to fix the issue. Contact Telit Cinterion for assistance."
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-21T12:45:00.000Z",
"value": "Issue discovered by Kaspersky ICS CERT"
},
{
"lang": "en",
"time": "2023-04-27T15:56:00.000Z",
"value": "Confirmed by Telit Cinterion"
}
],
"workarounds": [
{
"lang": "en",
"value": "Enforce application signature verification to prohibit the installation of untrusted MIDlets on the device."
},
{
"lang": "en",
"value": "Control physical access to the device at all stages of transportation to protect against the embedding of backdoors."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-47611",
"datePublished": "2023-11-10T16:38:54.668Z",
"dateReserved": "2023-11-07T10:06:48.689Z",
"dateUpdated": "2024-08-02T21:09:37.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47614 (GCVE-0-2023-47614)
Vulnerability from nvd – Published: 2023-11-10 15:50 – Updated: 2024-09-03 17:37
VLAI?
Summary
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to disclose hidden virtual paths and file names on the targeted system.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Telit Cinterion | BGS5 |
Affected:
* , < 2.000 ARN 01.001.08
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Alexander Kozlov from Kaspersky
Sergey Anufrienko from Kaspersky
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:37.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "KLCERT-22-210: Telit Cinterion (Thales/Gemalto) modules. Exposure of Sensitive Information to an Unauthorized Actor vulnerability",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-210-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-to-an-unauthorized-actor-vulnerability/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47614",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T17:36:50.567934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T17:37:01.547Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BGS5",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.000 ARN 01.001.08",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS5-E",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS5-US",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.000",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS5-US Rel.4",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS6",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.000",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS6 Rel.2",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.000 ARN 00.000.20",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS6 Rel.3",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "3.001 ARN 00.000.49",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS6 Rel.4",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS6-A Rel.4",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS8",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "3.011 ARN 00.000.60",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS8 Rel.4",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-AUS",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-AUS Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.004 ARN 00.003.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-AUS Rel.1 MR",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.005 ARN 00.005.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000 ARN 00.030.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E Rel.1 MR",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000 ARN 00.032.02",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E Rel.2",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.000 ARN 01.000.03",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E Rel.2",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.000 ARN 01.000.03",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E2 Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000 ARN 00.026.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E2 Rel.1 MR",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000 ARN 00.032.02",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-US Rel.1 MR",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.01 ARN 00.028.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-US Rel.2",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.012 ARN 01.000.05",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS81-E",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.000",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS81-E Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.000 ARN 01.000.05",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS81-E Rel.1.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "5.001 ARN 01.000.04",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS81-US",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "5.012",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS81-US Rel.1.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "5.012 ARN 01.000.05",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PDS5-E",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "3.001",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PDS5-E Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "3.001 ARN 00.000.32",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PDS5-E Rel.4",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "PDS5-US",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS6",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS8",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "unaffected",
"product": "PLS62-W",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PLS62-W Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.01 ARN 01.000.05",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alexander Kozlov from Kaspersky"
},
{
"lang": "en",
"type": "finder",
"value": "Sergey Anufrienko from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to disclose hidden virtual paths and file names on the targeted system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-10T15:50:24.884Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"name": "KLCERT-22-210: Telit Cinterion (Thales/Gemalto) modules. Exposure of Sensitive Information to an Unauthorized Actor vulnerability",
"tags": [
"third-party-advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-210-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-to-an-unauthorized-actor-vulnerability/"
}
],
"solutions": [
{
"lang": "en",
"value": "Telit Cinterion has released firmware updates to fix the issue. Contact Telit Cinterion for assistance."
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-21T12:45:00.000Z",
"value": "Issue discovered by Kaspersky ICS CERT"
},
{
"lang": "en",
"time": "2023-04-27T15:56:00.000Z",
"value": "Confirmed by Telit Cinterion"
}
],
"workarounds": [
{
"lang": "en",
"value": "Enforce application signature verification to prohibit the installation of untrusted MIDlets on the device."
},
{
"lang": "en",
"value": "Control physical access to the device at all stages of transportation to protect against the embedding of backdoors."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-47614",
"datePublished": "2023-11-10T15:50:24.884Z",
"dateReserved": "2023-11-07T10:06:48.689Z",
"dateUpdated": "2024-09-03T17:37:01.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47616 (GCVE-0-2023-47616)
Vulnerability from nvd – Published: 2023-11-09 12:24 – Updated: 2024-09-03 19:34
VLAI?
Summary
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to get access to a sensitive data on the targeted system.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Alexander Kozlov from Kaspersky
Sergey Anufrienko from Kaspersky
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:37.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "KLCERT-22-193: Telit Cinterion (Thales/Gemalto) modules. Exposure of Sensitive Information to an Unauthorized Actor",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/09/klcert-22-193-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-to-an-unauthorized-actor/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47616",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T19:34:03.922305Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T19:34:41.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "BGS5",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "EHS5",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "EHS6",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "EHS8",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS5",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS6",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS8",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "ELS61",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "ELS81",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PLS62",
"vendor": "Telit Cinterion"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alexander Kozlov from Kaspersky"
},
{
"lang": "en",
"type": "finder",
"value": "Sergey Anufrienko from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to get access to a sensitive data on the targeted system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-09T17:20:44.169Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"name": "KLCERT-22-193: Telit Cinterion (Thales/Gemalto) modules. Exposure of Sensitive Information to an Unauthorized Actor",
"tags": [
"third-party-advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/09/klcert-22-193-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-to-an-unauthorized-actor/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-21T12:45:00.000Z",
"value": "Issue discovered by Kaspersky ICS CERT"
},
{
"lang": "en",
"time": "2023-04-27T15:56:00.000Z",
"value": "Confirmed by Telit Cinterion"
}
],
"workarounds": [
{
"lang": "en",
"value": "Control physical access to the device at all stages of transportation to protect against the embedding of backdoors."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-47616",
"datePublished": "2023-11-09T12:24:33.382Z",
"dateReserved": "2023-11-07T10:06:48.689Z",
"dateUpdated": "2024-09-03T19:34:41.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47615 (GCVE-0-2023-47615)
Vulnerability from nvd – Published: 2023-11-09 12:47 – Updated: 2024-09-03 19:34
VLAI?
Summary
A CWE-526: Exposure of Sensitive Information Through Environmental Variables vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to get access to a sensitive data on the targeted system.
Severity ?
CWE
- CWE-526 - Exposure of Sensitive Information Through Environmental Variables
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Alexander Kozlov from Kaspersky
Sergey Anufrienko from Kaspersky
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:37.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "KLCERT-22-212: Telit Cinterion (Thales/Gemalto) modules. Exposure of Sensitive Information Through Environmental Variables",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/09/klcert-22-212-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-through-environmental-variables/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47615",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T19:33:54.319079Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T19:34:27.651Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "BGS5",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "EHS5",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "EHS6",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "EHS8",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS5",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS6",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS8",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "ELS61",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "ELS81",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PLS62",
"vendor": "Telit Cinterion"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alexander Kozlov from Kaspersky"
},
{
"lang": "en",
"type": "finder",
"value": "Sergey Anufrienko from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-526: Exposure of Sensitive Information Through Environmental Variables vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to get access to a sensitive data on the targeted system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-526",
"description": "CWE-526: Exposure of Sensitive Information Through Environmental Variables",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-09T17:18:49.812Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"name": "KLCERT-22-212: Telit Cinterion (Thales/Gemalto) modules. Exposure of Sensitive Information Through Environmental Variables",
"tags": [
"third-party-advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/09/klcert-22-212-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-through-environmental-variables/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-21T12:45:00.000Z",
"value": "Issue discovered by Kaspersky ICS CERT"
},
{
"lang": "en",
"time": "2023-04-27T15:56:00.000Z",
"value": "Confirmed by Telit Cinterion"
}
],
"workarounds": [
{
"lang": "en",
"value": "Enforce application signature verification to prohibit the installation of untrusted MIDlets on the device."
},
{
"lang": "en",
"value": "Control physical access to the device at all stages of transportation to protect against the embedding of backdoors."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-47615",
"datePublished": "2023-11-09T12:47:43.253Z",
"dateReserved": "2023-11-07T10:06:48.689Z",
"dateUpdated": "2024-09-03T19:34:27.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47612 (GCVE-0-2023-47612)
Vulnerability from nvd – Published: 2023-11-09 12:07 – Updated: 2024-09-04 13:47
VLAI?
Summary
A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to obtain a read/write access to any files and directories on the targeted system, including hidden files and directories.
Severity ?
6.8 (Medium)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Alexander Kozlov from Kaspersky
Sergey Anufrienko from Kaspersky
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:37.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "KLCERT-22-194: Telit Cinterion (Thales/Gemalto) modules. Files or Directories Accessible to External Parties vulnerability",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-194-telit-cinterion-thales-gemalto-modules-files-or-directories-accessible-to-external-parties-vulnerability/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:telit_cinterion:bgs5:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bgs5",
"vendor": "telit_cinterion",
"versions": [
{
"status": "affected",
"version": "bgs5"
}
]
},
{
"cpes": [
"cpe:2.3:a:telit_cinterion:ehs5:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ehs5",
"vendor": "telit_cinterion",
"versions": [
{
"status": "affected",
"version": "ehs5"
}
]
},
{
"cpes": [
"cpe:2.3:a:telit_cinterion:ehs6:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ehs6",
"vendor": "telit_cinterion",
"versions": [
{
"status": "affected",
"version": "ehs6"
}
]
},
{
"cpes": [
"cpe:2.3:a:telit_cinterion:ehs8:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ehs8",
"vendor": "telit_cinterion",
"versions": [
{
"status": "affected",
"version": "ehs8"
}
]
},
{
"cpes": [
"cpe:2.3:a:telit_cinterion:pds5:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pds5",
"vendor": "telit_cinterion",
"versions": [
{
"status": "affected",
"version": "pds5"
}
]
},
{
"cpes": [
"cpe:2.3:a:telit_cinterion:pds6:pds6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pds6",
"vendor": "telit_cinterion",
"versions": [
{
"status": "affected",
"version": "pds6"
}
]
},
{
"cpes": [
"cpe:2.3:a:telit_cinterion:pds8:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pds8",
"vendor": "telit_cinterion",
"versions": [
{
"status": "affected",
"version": "pds8"
}
]
},
{
"cpes": [
"cpe:2.3:a:telit_cinterion:els61:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "els61",
"vendor": "telit_cinterion",
"versions": [
{
"status": "affected",
"version": "els61"
}
]
},
{
"cpes": [
"cpe:2.3:a:telit_cinterion:els81:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "els81",
"vendor": "telit_cinterion",
"versions": [
{
"status": "affected",
"version": "els81"
}
]
},
{
"cpes": [
"cpe:2.3:a:telit_cinterion:pls62:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pls62",
"vendor": "telit_cinterion",
"versions": [
{
"status": "affected",
"version": "pls62"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47612",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T13:32:02.787633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T13:47:01.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "BGS5",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "EHS5",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "EHS6",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "EHS8",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS5",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS6",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS8",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "ELS61",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "ELS81",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PLS62",
"vendor": "Telit Cinterion"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alexander Kozlov from Kaspersky"
},
{
"lang": "en",
"type": "finder",
"value": "Sergey Anufrienko from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to obtain a read/write access to any files and directories on the targeted system, including hidden files and directories."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-09T17:12:52.926Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"name": "KLCERT-22-194: Telit Cinterion (Thales/Gemalto) modules. Files or Directories Accessible to External Parties vulnerability",
"tags": [
"third-party-advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-194-telit-cinterion-thales-gemalto-modules-files-or-directories-accessible-to-external-parties-vulnerability/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-21T12:45:00.000Z",
"value": "Issue discovered by Kaspersky ICS CERT"
},
{
"lang": "en",
"time": "2023-04-27T15:56:00.000Z",
"value": "Confirmed by Telit Cinterion"
}
],
"workarounds": [
{
"lang": "en",
"value": "Control physical access to the device at all stages of transportation to protect against the embedding of backdoors."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-47612",
"datePublished": "2023-11-09T12:07:54.815Z",
"dateReserved": "2023-11-07T10:06:48.689Z",
"dateUpdated": "2024-09-04T13:47:01.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47613 (GCVE-0-2023-47613)
Vulnerability from nvd – Published: 2023-11-09 06:32 – Updated: 2024-09-03 19:34
VLAI?
Summary
A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to escape from virtual directories and get read/write access to protected files on the targeted system.
Severity ?
4.4 (Medium)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Alexander Kozlov from Kaspersky
Sergey Anufrienko from Kaspersky
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:37.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "KLCERT-22-211: Telit Cinterion (Thales/Gemalto) modules. Relative Path Traversal",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-211-telit-cinterion-thales-gemalto-modules-relative-path-traversal/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47613",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T19:34:10.939702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T19:34:58.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "BGS5",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "EHS5",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "EHS6",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "EHS8",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS5",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS6",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS8",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "ELS61",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "ELS81",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PLS62",
"vendor": "Telit Cinterion"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alexander Kozlov from Kaspersky"
},
{
"lang": "en",
"type": "finder",
"value": "Sergey Anufrienko from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to escape from virtual directories and get read/write access to protected files on the targeted system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-09T17:14:03.577Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"name": "KLCERT-22-211: Telit Cinterion (Thales/Gemalto) modules. Relative Path Traversal",
"tags": [
"third-party-advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-211-telit-cinterion-thales-gemalto-modules-relative-path-traversal/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-21T12:45:00.000Z",
"value": "Issue discovered by Kaspersky ICS CERT"
},
{
"lang": "en",
"time": "2023-04-27T15:56:00.000Z",
"value": "Confirmed by Telit Cinterion"
}
],
"workarounds": [
{
"lang": "en",
"value": "Enforce application signature verification to prohibit the installation of untrusted MIDlets on the device."
},
{
"lang": "en",
"value": "Control physical access to the device at all stages of transportation to protect against the embedding of backdoors."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-47613",
"datePublished": "2023-11-09T06:32:08.024Z",
"dateReserved": "2023-11-07T10:06:48.689Z",
"dateUpdated": "2024-09-03T19:34:58.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47611 (GCVE-0-2023-47611)
Vulnerability from cvelistv5 – Published: 2023-11-10 16:38 – Updated: 2024-08-02 21:09
VLAI?
Summary
A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to "manufacturer" level on the targeted system.
Severity ?
7.8 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Telit Cinterion | BGS5 |
Affected:
* , < 2.000 ARN 01.001.08
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Alexander Kozlov from Kaspersky
Sergey Anufrienko from Kaspersky
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:37.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "KLCERT-22-216: Telit Cinterion (Thales/Gemalto) modules. Improper Privilege Management vulnerability",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BGS5",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.000 ARN 01.001.08",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS5-E",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS5-US",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.000",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS5-US Rel.4",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS6",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.000",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS6 Rel.2",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.000 ARN 00.000.20",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS6 Rel.3",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "3.001 ARN 00.000.49",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS6 Rel.4",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS6-A Rel.4",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS8",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "3.011 ARN 00.000.60",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS8 Rel.4",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-AUS",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-AUS Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.004 ARN 00.003.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-AUS Rel.1 MR",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.005 ARN 00.005.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000 ARN 00.030.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E Rel.1 MR",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000 ARN 00.032.02",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E Rel.2",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.000 ARN 01.000.03",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E Rel.2",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.000 ARN 01.000.03",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E2 Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000 ARN 00.026.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E2 Rel.1 MR",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000 ARN 00.032.02",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-US Rel.1 MR",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.01 ARN 00.028.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-US Rel.2",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.012 ARN 01.000.05",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS81-E",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.000",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS81-E Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.000 ARN 01.000.05",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS81-E Rel.1.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "5.001 ARN 01.000.04",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS81-US",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "5.012",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS81-US Rel.1.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "5.012 ARN 01.000.05",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PDS5-E",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "3.001",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PDS5-E Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "3.001 ARN 00.000.32",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PDS5-E Rel.4",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "PDS5-US",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS6",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS8",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "unaffected",
"product": "PLS62-W",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PLS62-W Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.01 ARN 01.000.05",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alexander Kozlov from Kaspersky"
},
{
"lang": "en",
"type": "finder",
"value": "Sergey Anufrienko from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to \"manufacturer\" level on the targeted system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-10T16:38:54.668Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"name": "KLCERT-22-216: Telit Cinterion (Thales/Gemalto) modules. Improper Privilege Management vulnerability",
"tags": [
"third-party-advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/"
}
],
"solutions": [
{
"lang": "en",
"value": "Telit Cinterion has released firmware updates to fix the issue. Contact Telit Cinterion for assistance."
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-21T12:45:00.000Z",
"value": "Issue discovered by Kaspersky ICS CERT"
},
{
"lang": "en",
"time": "2023-04-27T15:56:00.000Z",
"value": "Confirmed by Telit Cinterion"
}
],
"workarounds": [
{
"lang": "en",
"value": "Enforce application signature verification to prohibit the installation of untrusted MIDlets on the device."
},
{
"lang": "en",
"value": "Control physical access to the device at all stages of transportation to protect against the embedding of backdoors."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-47611",
"datePublished": "2023-11-10T16:38:54.668Z",
"dateReserved": "2023-11-07T10:06:48.689Z",
"dateUpdated": "2024-08-02T21:09:37.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47614 (GCVE-0-2023-47614)
Vulnerability from cvelistv5 – Published: 2023-11-10 15:50 – Updated: 2024-09-03 17:37
VLAI?
Summary
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to disclose hidden virtual paths and file names on the targeted system.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Telit Cinterion | BGS5 |
Affected:
* , < 2.000 ARN 01.001.08
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Alexander Kozlov from Kaspersky
Sergey Anufrienko from Kaspersky
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:37.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "KLCERT-22-210: Telit Cinterion (Thales/Gemalto) modules. Exposure of Sensitive Information to an Unauthorized Actor vulnerability",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-210-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-to-an-unauthorized-actor-vulnerability/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47614",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T17:36:50.567934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T17:37:01.547Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BGS5",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.000 ARN 01.001.08",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS5-E",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS5-US",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.000",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS5-US Rel.4",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS6",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.000",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS6 Rel.2",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.000 ARN 00.000.20",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS6 Rel.3",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "3.001 ARN 00.000.49",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS6 Rel.4",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS6-A Rel.4",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS8",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "3.011 ARN 00.000.60",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "EHS8 Rel.4",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-AUS",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-AUS Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.004 ARN 00.003.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-AUS Rel.1 MR",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.005 ARN 00.005.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000 ARN 00.030.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E Rel.1 MR",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000 ARN 00.032.02",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E Rel.2",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.000 ARN 01.000.03",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E Rel.2",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.000 ARN 01.000.03",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E2 Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000 ARN 00.026.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-E2 Rel.1 MR",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.000 ARN 00.032.02",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-US Rel.1 MR",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "1.01 ARN 00.028.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS61-US Rel.2",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.012 ARN 01.000.05",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS81-E",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.000",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS81-E Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.000 ARN 01.000.05",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS81-E Rel.1.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "5.001 ARN 01.000.04",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS81-US",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "5.012",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ELS81-US Rel.1.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "5.012 ARN 01.000.05",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PDS5-E",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "3.001",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PDS5-E Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "3.001 ARN 00.000.32",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PDS5-E Rel.4",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "4.013 ARN 01.000.06",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "PDS5-US",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS6",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS8",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "unaffected",
"product": "PLS62-W",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.01",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PLS62-W Rel.1",
"vendor": "Telit Cinterion",
"versions": [
{
"lessThan": "2.01 ARN 01.000.05",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alexander Kozlov from Kaspersky"
},
{
"lang": "en",
"type": "finder",
"value": "Sergey Anufrienko from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to disclose hidden virtual paths and file names on the targeted system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-10T15:50:24.884Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"name": "KLCERT-22-210: Telit Cinterion (Thales/Gemalto) modules. Exposure of Sensitive Information to an Unauthorized Actor vulnerability",
"tags": [
"third-party-advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-210-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-to-an-unauthorized-actor-vulnerability/"
}
],
"solutions": [
{
"lang": "en",
"value": "Telit Cinterion has released firmware updates to fix the issue. Contact Telit Cinterion for assistance."
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-21T12:45:00.000Z",
"value": "Issue discovered by Kaspersky ICS CERT"
},
{
"lang": "en",
"time": "2023-04-27T15:56:00.000Z",
"value": "Confirmed by Telit Cinterion"
}
],
"workarounds": [
{
"lang": "en",
"value": "Enforce application signature verification to prohibit the installation of untrusted MIDlets on the device."
},
{
"lang": "en",
"value": "Control physical access to the device at all stages of transportation to protect against the embedding of backdoors."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-47614",
"datePublished": "2023-11-10T15:50:24.884Z",
"dateReserved": "2023-11-07T10:06:48.689Z",
"dateUpdated": "2024-09-03T17:37:01.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47615 (GCVE-0-2023-47615)
Vulnerability from cvelistv5 – Published: 2023-11-09 12:47 – Updated: 2024-09-03 19:34
VLAI?
Summary
A CWE-526: Exposure of Sensitive Information Through Environmental Variables vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to get access to a sensitive data on the targeted system.
Severity ?
CWE
- CWE-526 - Exposure of Sensitive Information Through Environmental Variables
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Alexander Kozlov from Kaspersky
Sergey Anufrienko from Kaspersky
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:37.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "KLCERT-22-212: Telit Cinterion (Thales/Gemalto) modules. Exposure of Sensitive Information Through Environmental Variables",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/09/klcert-22-212-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-through-environmental-variables/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47615",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T19:33:54.319079Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T19:34:27.651Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "BGS5",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "EHS5",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "EHS6",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "EHS8",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS5",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS6",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS8",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "ELS61",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "ELS81",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PLS62",
"vendor": "Telit Cinterion"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alexander Kozlov from Kaspersky"
},
{
"lang": "en",
"type": "finder",
"value": "Sergey Anufrienko from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-526: Exposure of Sensitive Information Through Environmental Variables vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to get access to a sensitive data on the targeted system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-526",
"description": "CWE-526: Exposure of Sensitive Information Through Environmental Variables",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-09T17:18:49.812Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"name": "KLCERT-22-212: Telit Cinterion (Thales/Gemalto) modules. Exposure of Sensitive Information Through Environmental Variables",
"tags": [
"third-party-advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/09/klcert-22-212-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-through-environmental-variables/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-21T12:45:00.000Z",
"value": "Issue discovered by Kaspersky ICS CERT"
},
{
"lang": "en",
"time": "2023-04-27T15:56:00.000Z",
"value": "Confirmed by Telit Cinterion"
}
],
"workarounds": [
{
"lang": "en",
"value": "Enforce application signature verification to prohibit the installation of untrusted MIDlets on the device."
},
{
"lang": "en",
"value": "Control physical access to the device at all stages of transportation to protect against the embedding of backdoors."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-47615",
"datePublished": "2023-11-09T12:47:43.253Z",
"dateReserved": "2023-11-07T10:06:48.689Z",
"dateUpdated": "2024-09-03T19:34:27.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47616 (GCVE-0-2023-47616)
Vulnerability from cvelistv5 – Published: 2023-11-09 12:24 – Updated: 2024-09-03 19:34
VLAI?
Summary
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to get access to a sensitive data on the targeted system.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Alexander Kozlov from Kaspersky
Sergey Anufrienko from Kaspersky
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:37.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "KLCERT-22-193: Telit Cinterion (Thales/Gemalto) modules. Exposure of Sensitive Information to an Unauthorized Actor",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/09/klcert-22-193-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-to-an-unauthorized-actor/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47616",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T19:34:03.922305Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T19:34:41.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "BGS5",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "EHS5",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "EHS6",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "EHS8",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS5",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS6",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS8",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "ELS61",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "ELS81",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PLS62",
"vendor": "Telit Cinterion"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alexander Kozlov from Kaspersky"
},
{
"lang": "en",
"type": "finder",
"value": "Sergey Anufrienko from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to get access to a sensitive data on the targeted system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-09T17:20:44.169Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"name": "KLCERT-22-193: Telit Cinterion (Thales/Gemalto) modules. Exposure of Sensitive Information to an Unauthorized Actor",
"tags": [
"third-party-advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/09/klcert-22-193-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-to-an-unauthorized-actor/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-21T12:45:00.000Z",
"value": "Issue discovered by Kaspersky ICS CERT"
},
{
"lang": "en",
"time": "2023-04-27T15:56:00.000Z",
"value": "Confirmed by Telit Cinterion"
}
],
"workarounds": [
{
"lang": "en",
"value": "Control physical access to the device at all stages of transportation to protect against the embedding of backdoors."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-47616",
"datePublished": "2023-11-09T12:24:33.382Z",
"dateReserved": "2023-11-07T10:06:48.689Z",
"dateUpdated": "2024-09-03T19:34:41.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47612 (GCVE-0-2023-47612)
Vulnerability from cvelistv5 – Published: 2023-11-09 12:07 – Updated: 2024-09-04 13:47
VLAI?
Summary
A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to obtain a read/write access to any files and directories on the targeted system, including hidden files and directories.
Severity ?
6.8 (Medium)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Alexander Kozlov from Kaspersky
Sergey Anufrienko from Kaspersky
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:37.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "KLCERT-22-194: Telit Cinterion (Thales/Gemalto) modules. Files or Directories Accessible to External Parties vulnerability",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-194-telit-cinterion-thales-gemalto-modules-files-or-directories-accessible-to-external-parties-vulnerability/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:telit_cinterion:bgs5:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bgs5",
"vendor": "telit_cinterion",
"versions": [
{
"status": "affected",
"version": "bgs5"
}
]
},
{
"cpes": [
"cpe:2.3:a:telit_cinterion:ehs5:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ehs5",
"vendor": "telit_cinterion",
"versions": [
{
"status": "affected",
"version": "ehs5"
}
]
},
{
"cpes": [
"cpe:2.3:a:telit_cinterion:ehs6:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ehs6",
"vendor": "telit_cinterion",
"versions": [
{
"status": "affected",
"version": "ehs6"
}
]
},
{
"cpes": [
"cpe:2.3:a:telit_cinterion:ehs8:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ehs8",
"vendor": "telit_cinterion",
"versions": [
{
"status": "affected",
"version": "ehs8"
}
]
},
{
"cpes": [
"cpe:2.3:a:telit_cinterion:pds5:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pds5",
"vendor": "telit_cinterion",
"versions": [
{
"status": "affected",
"version": "pds5"
}
]
},
{
"cpes": [
"cpe:2.3:a:telit_cinterion:pds6:pds6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pds6",
"vendor": "telit_cinterion",
"versions": [
{
"status": "affected",
"version": "pds6"
}
]
},
{
"cpes": [
"cpe:2.3:a:telit_cinterion:pds8:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pds8",
"vendor": "telit_cinterion",
"versions": [
{
"status": "affected",
"version": "pds8"
}
]
},
{
"cpes": [
"cpe:2.3:a:telit_cinterion:els61:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "els61",
"vendor": "telit_cinterion",
"versions": [
{
"status": "affected",
"version": "els61"
}
]
},
{
"cpes": [
"cpe:2.3:a:telit_cinterion:els81:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "els81",
"vendor": "telit_cinterion",
"versions": [
{
"status": "affected",
"version": "els81"
}
]
},
{
"cpes": [
"cpe:2.3:a:telit_cinterion:pls62:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pls62",
"vendor": "telit_cinterion",
"versions": [
{
"status": "affected",
"version": "pls62"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47612",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T13:32:02.787633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T13:47:01.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "BGS5",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "EHS5",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "EHS6",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "EHS8",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS5",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS6",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS8",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "ELS61",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "ELS81",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PLS62",
"vendor": "Telit Cinterion"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alexander Kozlov from Kaspersky"
},
{
"lang": "en",
"type": "finder",
"value": "Sergey Anufrienko from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to obtain a read/write access to any files and directories on the targeted system, including hidden files and directories."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-09T17:12:52.926Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"name": "KLCERT-22-194: Telit Cinterion (Thales/Gemalto) modules. Files or Directories Accessible to External Parties vulnerability",
"tags": [
"third-party-advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-194-telit-cinterion-thales-gemalto-modules-files-or-directories-accessible-to-external-parties-vulnerability/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-21T12:45:00.000Z",
"value": "Issue discovered by Kaspersky ICS CERT"
},
{
"lang": "en",
"time": "2023-04-27T15:56:00.000Z",
"value": "Confirmed by Telit Cinterion"
}
],
"workarounds": [
{
"lang": "en",
"value": "Control physical access to the device at all stages of transportation to protect against the embedding of backdoors."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-47612",
"datePublished": "2023-11-09T12:07:54.815Z",
"dateReserved": "2023-11-07T10:06:48.689Z",
"dateUpdated": "2024-09-04T13:47:01.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47613 (GCVE-0-2023-47613)
Vulnerability from cvelistv5 – Published: 2023-11-09 06:32 – Updated: 2024-09-03 19:34
VLAI?
Summary
A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to escape from virtual directories and get read/write access to protected files on the targeted system.
Severity ?
4.4 (Medium)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
Alexander Kozlov from Kaspersky
Sergey Anufrienko from Kaspersky
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:37.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "KLCERT-22-211: Telit Cinterion (Thales/Gemalto) modules. Relative Path Traversal",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-211-telit-cinterion-thales-gemalto-modules-relative-path-traversal/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47613",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T19:34:10.939702Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T19:34:58.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "BGS5",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "EHS5",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "EHS6",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "EHS8",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS5",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS6",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PDS8",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "ELS61",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "ELS81",
"vendor": "Telit Cinterion"
},
{
"defaultStatus": "affected",
"product": "PLS62",
"vendor": "Telit Cinterion"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alexander Kozlov from Kaspersky"
},
{
"lang": "en",
"type": "finder",
"value": "Sergey Anufrienko from Kaspersky"
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to escape from virtual directories and get read/write access to protected files on the targeted system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-09T17:14:03.577Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"name": "KLCERT-22-211: Telit Cinterion (Thales/Gemalto) modules. Relative Path Traversal",
"tags": [
"third-party-advisory"
],
"url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-211-telit-cinterion-thales-gemalto-modules-relative-path-traversal/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-21T12:45:00.000Z",
"value": "Issue discovered by Kaspersky ICS CERT"
},
{
"lang": "en",
"time": "2023-04-27T15:56:00.000Z",
"value": "Confirmed by Telit Cinterion"
}
],
"workarounds": [
{
"lang": "en",
"value": "Enforce application signature verification to prohibit the installation of untrusted MIDlets on the device."
},
{
"lang": "en",
"value": "Control physical access to the device at all stages of transportation to protect against the embedding of backdoors."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2023-47613",
"datePublished": "2023-11-09T06:32:08.024Z",
"dateReserved": "2023-11-07T10:06:48.689Z",
"dateUpdated": "2024-09-03T19:34:58.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}