CVE-2023-47614
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to disclose hidden virtual paths and file names on the targeted system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Telit Cinterion | BGS5 | * < 2.000 ARN 01.001.08 | affected |
| Telit Cinterion | EHS5-E | * < 4.013 ARN 01.000.06 | affected |
| Telit Cinterion | EHS5-US | * < 4.000 | affected |
| Telit Cinterion | EHS5-US Rel.4 | * < 4.013 ARN 01.000.06 | affected |
| Telit Cinterion | EHS6 | * < 2.000 | affected |
| Telit Cinterion | EHS6 Rel.2 | * < 2.000 ARN 00.000.20 | affected |
| Telit Cinterion | EHS6 Rel.3 | * < 3.001 ARN 00.000.49 | affected |
| Telit Cinterion | EHS6 Rel.4 | * < 4.013 ARN 01.000.06 | affected |
| Telit Cinterion | EHS6-A Rel.4 | * < 4.013 ARN 01.000.06 | affected |
| Telit Cinterion | EHS8 | * < 3.011 ARN 00.000.60 | affected |
| Telit Cinterion | EHS8 Rel.4 | * < 4.013 ARN 01.000.06 | affected |
| Telit Cinterion | ELS61-AUS | * < 1.000 | affected |
| Telit Cinterion | ELS61-AUS Rel.1 | * < 1.004 ARN 00.003.01 | affected |
| Telit Cinterion | ELS61-AUS Rel.1 MR | * < 1.005 ARN 00.005.01 | affected |
| Telit Cinterion | ELS61-E | * < 1.000 | affected |
| Telit Cinterion | ELS61-E Rel.1 | * < 1.000 ARN 00.030.01 | affected |
| Telit Cinterion | ELS61-E Rel.1 MR | * < 1.000 ARN 00.032.02 | affected |
| Telit Cinterion | ELS61-E Rel.2 | * < 2.000 ARN 01.000.03 | affected |
| Telit Cinterion | ELS61-E Rel.2 | * < 2.000 ARN 01.000.03 | affected |
| Telit Cinterion | ELS61-E2 Rel.1 | * < 1.000 ARN 00.026.01 | affected |
| Telit Cinterion | ELS61-E2 Rel.1 MR | * < 1.000 ARN 00.032.02 | affected |
| Telit Cinterion | ELS61-US Rel.1 MR | * < 1.01 ARN 00.028.01 | affected |
| Telit Cinterion | ELS61-US Rel.2 | * < 2.012 ARN 01.000.05 | affected |
| Telit Cinterion | ELS81-E | * < 4.000 | affected |
| Telit Cinterion | ELS81-E Rel.1 | * < 4.000 ARN 01.000.05 | affected |
| Telit Cinterion | ELS81-E Rel.1.1 | * < 5.001 ARN 01.000.04 | affected |
| Telit Cinterion | ELS81-US | * < 5.012 | affected |
| Telit Cinterion | ELS81-US Rel.1.1 | * < 5.012 ARN 01.000.05 | affected |
| Telit Cinterion | PDS5-E | * < 3.001 | affected |
| Telit Cinterion | PDS5-E Rel.1 | * < 3.001 ARN 00.000.32 | affected |
| Telit Cinterion | PDS5-E Rel.4 | * < 4.013 ARN 01.000.06 | affected |
| Telit Cinterion | PLS62-W | * < 2.01 | affected |
| Telit Cinterion | PLS62-W Rel.1 | * < 2.01 ARN 01.000.05 | affected |
Weaknesses
- CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Workarounds
Enforce application signature verification to prohibit the installation of untrusted MIDlets on the device. Control physical access to the device at all stages of transportation to protect against the embedding of backdoors.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.