Assigner | Kaspersky |
Reserved | 2023-11-07 |
Published | 2023-11-10 |
Updated | 2024-09-03 |
Description
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to disclose hidden virtual paths and file names on the targeted system.
LOW: 3.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Problem types
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Product status
Default status
0x400746fde0
* before 2.000 ARN 01.001.08
affected
Default status
0x400746fe30
* before 4.013 ARN 01.000.06
affected
Default status
0x400746fe80
* before 4.000
affected
Default status
0x400746fed0
* before 4.013 ARN 01.000.06
affected
Default status
0x400746ff20
* before 2.000
affected
Default status
0x400746ff70
* before 2.000 ARN 00.000.20
affected
Default status
0x40074a4040
* before 3.001 ARN 00.000.49
affected
Default status
0x40074a4090
* before 4.013 ARN 01.000.06
affected
Default status
0x40074a40e0
* before 4.013 ARN 01.000.06
affected
Default status
0x40074a4130
* before 3.011 ARN 00.000.60
affected
Default status
0x40074a4180
* before 4.013 ARN 01.000.06
affected
Default status
0x40074a41d0
* before 1.000
affected
Default status
0x40074a4220
* before 1.004 ARN 00.003.01
affected
Default status
0x40074a4270
* before 1.005 ARN 00.005.01
affected
Default status
0x40074a42c0
* before 1.000
affected
Default status
0x40074a4310
* before 1.000 ARN 00.030.01
affected
Default status
0x40074a4360
* before 1.000 ARN 00.032.02
affected
Default status
0x40074a43b0
* before 2.000 ARN 01.000.03
affected
Default status
0x40074a4400
* before 2.000 ARN 01.000.03
affected
Default status
0x40074a4450
* before 1.000 ARN 00.026.01
affected
Default status
0x40074a44a0
* before 1.000 ARN 00.032.02
affected
Default status
0x40074a44f0
* before 1.01 ARN 00.028.01
affected
Default status
0x40074a4540
* before 2.012 ARN 01.000.05
affected
Default status
0x40074a4590
* before 4.000
affected
Default status
0x40074a45e0
* before 4.000 ARN 01.000.05
affected
Default status
0x40074a4630
* before 5.001 ARN 01.000.04
affected
Default status
0x40074a4680
* before 5.012
affected
Default status
0x40074a46d0
* before 5.012 ARN 01.000.05
affected
Default status
0x40074a4720
* before 3.001
affected
Default status
0x40074a4770
* before 3.001 ARN 00.000.32
affected
Default status
0x40074a47c0
* before 4.013 ARN 01.000.06
affected
Default status
0x40074a4810
Default status
0x40074a4840
Default status
0x40074a4870
Default status
0x40074a48a0
* before 2.01
affected
Default status
0x40074a48f0
* before 2.01 ARN 01.000.05
affected
Timeline
2023-02-21: | Issue discovered by Kaspersky ICS CERT |
2023-04-27: | Confirmed by Telit Cinterion |
Credits
Alexander Kozlov from Kaspersky 0x40074a4940
Sergey Anufrienko from Kaspersky 0x40074a4950
References
https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-210-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-to-an-unauthorized-actor-vulnerability/ (KLCERT-22-210: Telit Cinterion (Thales/Gemalto) modules. Exposure of Sensitive Information to an Unauthorized Actor vulnerability) third-party-advisory
cve.org CVE-2023-47614
nvd.nist.gov CVE-2023-47614
Download JSON
Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.