CVE-2023-47614 | THREATINT

Description

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to disclose hidden virtual paths and file names on the targeted system.

Reserved 2023-11-07 | Published 2023-11-10 | Updated 2024-09-03 | Assigner Kaspersky

LOW: 3.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status

unaffected

* before 2.000 ARN 01.001.08

affected

Default status

unaffected

* before 4.013 ARN 01.000.06

affected

Default status

unaffected

* before 4.000

affected

Default status

unaffected

* before 4.013 ARN 01.000.06

affected

Default status

unaffected

* before 2.000

affected

Default status

unaffected

* before 2.000 ARN 00.000.20

affected

Default status

unaffected

* before 3.001 ARN 00.000.49

affected

Default status

unaffected

* before 4.013 ARN 01.000.06

affected

Default status

unaffected

* before 4.013 ARN 01.000.06

affected

Default status

unaffected

* before 3.011 ARN 00.000.60

affected

Default status

unaffected

* before 4.013 ARN 01.000.06

affected

Default status

unaffected

* before 1.000

affected

Default status

unaffected

* before 1.004 ARN 00.003.01

affected

Default status

unaffected

* before 1.005 ARN 00.005.01

affected

Default status

unaffected

* before 1.000

affected

Default status

unaffected

* before 1.000 ARN 00.030.01

affected

Default status

unaffected

* before 1.000 ARN 00.032.02

affected

Default status

unaffected

* before 2.000 ARN 01.000.03

affected

Default status

unaffected

* before 2.000 ARN 01.000.03

affected

Default status

unaffected

* before 1.000 ARN 00.026.01

affected

Default status

unaffected

* before 1.000 ARN 00.032.02

affected

Default status

unaffected

* before 1.01 ARN 00.028.01

affected

Default status

unaffected

* before 2.012 ARN 01.000.05

affected

Default status

unaffected

* before 4.000

affected

Default status

unaffected

* before 4.000 ARN 01.000.05

affected

Default status

unaffected

* before 5.001 ARN 01.000.04

affected

Default status

unaffected

* before 5.012

affected

Default status

unaffected

* before 5.012 ARN 01.000.05

affected

Default status

unaffected

* before 3.001

affected

Default status

unaffected

* before 3.001 ARN 00.000.32

affected

Default status

unaffected

* before 4.013 ARN 01.000.06

affected

Default status

affected

Default status

affected

Default status

affected

Default status

unaffected

* before 2.01

affected

Default status

unaffected

* before 2.01 ARN 01.000.05

affected

Timeline

2023-02-21:	Issue discovered by Kaspersky ICS CERT
2023-04-27:	Confirmed by Telit Cinterion

Credits

Alexander Kozlov from Kaspersky finder

Sergey Anufrienko from Kaspersky finder

References

ics-cert.kaspersky.com/...-unauthorized-actor-vulnerability/ (KLCERT-22-210: Telit Cinterion (Thales/Gemalto) modules. Exposure of Sensitive Information to an Unauthorized Actor vulnerability) third-party-advisory

cve.org (CVE-2023-47614)

nvd.nist.gov (CVE-2023-47614)

Download JSON