| Assigner | Kaspersky |
| Reserved | 2023-11-07 |
| Published | 2023-11-10 |
| Updated | 2024-09-03 |
Description
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to disclose hidden virtual paths and file names on the targeted system.
| LOW: 3.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Product status
Default status
unaffected
* before 2.000 ARN 01.001.08
affected
Default status
unaffected
* before 4.013 ARN 01.000.06
affected
Default status
unaffected
* before 4.000
affected
Default status
unaffected
* before 4.013 ARN 01.000.06
affected
Default status
unaffected
* before 2.000
affected
Default status
unaffected
* before 2.000 ARN 00.000.20
affected
Default status
unaffected
* before 3.001 ARN 00.000.49
affected
Default status
unaffected
* before 4.013 ARN 01.000.06
affected
Default status
unaffected
* before 4.013 ARN 01.000.06
affected
Default status
unaffected
* before 3.011 ARN 00.000.60
affected
Default status
unaffected
* before 4.013 ARN 01.000.06
affected
Default status
unaffected
* before 1.000
affected
Default status
unaffected
* before 1.004 ARN 00.003.01
affected
Default status
unaffected
* before 1.005 ARN 00.005.01
affected
Default status
unaffected
* before 1.000
affected
Default status
unaffected
* before 1.000 ARN 00.030.01
affected
Default status
unaffected
* before 1.000 ARN 00.032.02
affected
Default status
unaffected
* before 2.000 ARN 01.000.03
affected
Default status
unaffected
* before 2.000 ARN 01.000.03
affected
Default status
unaffected
* before 1.000 ARN 00.026.01
affected
Default status
unaffected
* before 1.000 ARN 00.032.02
affected
Default status
unaffected
* before 1.01 ARN 00.028.01
affected
Default status
unaffected
* before 2.012 ARN 01.000.05
affected
Default status
unaffected
* before 4.000
affected
Default status
unaffected
* before 4.000 ARN 01.000.05
affected
Default status
unaffected
* before 5.001 ARN 01.000.04
affected
Default status
unaffected
* before 5.012
affected
Default status
unaffected
* before 5.012 ARN 01.000.05
affected
Default status
unaffected
* before 3.001
affected
Default status
unaffected
* before 3.001 ARN 00.000.32
affected
Default status
unaffected
* before 4.013 ARN 01.000.06
affected
Default status
affected
Default status
affected
Default status
affected
Default status
unaffected
* before 2.01
affected
Default status
unaffected
* before 2.01 ARN 01.000.05
affected
Timeline
| 2023-02-21: | Issue discovered by Kaspersky ICS CERT |
| 2023-04-27: | Confirmed by Telit Cinterion |
Credits
Alexander Kozlov from Kaspersky finder
Sergey Anufrienko from Kaspersky finder
References
https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-210-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-to-an-unauthorized-actor-vulnerability/ (KLCERT-22-210: Telit Cinterion (Thales/Gemalto) modules. Exposure of Sensitive Information to an Unauthorized Actor vulnerability) third-party-advisory
cve.org CVE-2023-47614
nvd.nist.gov CVE-2023-47614
Download JSON
Share this page
https://cve.threatint.com/CVE/CVE-2023-47614
Subscribe to our newsletter to learn more about our work.
