We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-47614



AssignerKaspersky
Reserved2023-11-07
Published2023-11-10
Updated2024-09-03

Description

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to disclose hidden virtual paths and file names on the targeted system.



LOW: 3.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status
0x400746fde0

* before 2.000 ARN 01.001.08
affected

Default status
0x400746fe30

* before 4.013 ARN 01.000.06
affected

Default status
0x400746fe80

* before 4.000
affected

Default status
0x400746fed0

* before 4.013 ARN 01.000.06
affected

Default status
0x400746ff20

* before 2.000
affected

Default status
0x400746ff70

* before 2.000 ARN 00.000.20
affected

Default status
0x40074a4040

* before 3.001 ARN 00.000.49
affected

Default status
0x40074a4090

* before 4.013 ARN 01.000.06
affected

Default status
0x40074a40e0

* before 4.013 ARN 01.000.06
affected

Default status
0x40074a4130

* before 3.011 ARN 00.000.60
affected

Default status
0x40074a4180

* before 4.013 ARN 01.000.06
affected

Default status
0x40074a41d0

* before 1.000
affected

Default status
0x40074a4220

* before 1.004 ARN 00.003.01
affected

Default status
0x40074a4270

* before 1.005 ARN 00.005.01
affected

Default status
0x40074a42c0

* before 1.000
affected

Default status
0x40074a4310

* before 1.000 ARN 00.030.01
affected

Default status
0x40074a4360

* before 1.000 ARN 00.032.02
affected

Default status
0x40074a43b0

* before 2.000 ARN 01.000.03
affected

Default status
0x40074a4400

* before 2.000 ARN 01.000.03
affected

Default status
0x40074a4450

* before 1.000 ARN 00.026.01
affected

Default status
0x40074a44a0

* before 1.000 ARN 00.032.02
affected

Default status
0x40074a44f0

* before 1.01 ARN 00.028.01
affected

Default status
0x40074a4540

* before 2.012 ARN 01.000.05
affected

Default status
0x40074a4590

* before 4.000
affected

Default status
0x40074a45e0

* before 4.000 ARN 01.000.05
affected

Default status
0x40074a4630

* before 5.001 ARN 01.000.04
affected

Default status
0x40074a4680

* before 5.012
affected

Default status
0x40074a46d0

* before 5.012 ARN 01.000.05
affected

Default status
0x40074a4720

* before 3.001
affected

Default status
0x40074a4770

* before 3.001 ARN 00.000.32
affected

Default status
0x40074a47c0

* before 4.013 ARN 01.000.06
affected

Default status
0x40074a4810

Default status
0x40074a4840

Default status
0x40074a4870

Default status
0x40074a48a0

* before 2.01
affected

Default status
0x40074a48f0

* before 2.01 ARN 01.000.05
affected

Timeline

2023-02-21:Issue discovered by Kaspersky ICS CERT
2023-04-27:Confirmed by Telit Cinterion

Credits

Alexander Kozlov from Kaspersky 0x40074a4940

Sergey Anufrienko from Kaspersky 0x40074a4950

References

https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-210-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-to-an-unauthorized-actor-vulnerability/ (KLCERT-22-210: Telit Cinterion (Thales/Gemalto) modules. Exposure of Sensitive Information to an Unauthorized Actor vulnerability) third-party-advisory

cve.org CVE-2023-47614

nvd.nist.gov CVE-2023-47614

Download JSON

Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.

© Copyright 2024 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.