{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-47611", "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "state": "PUBLISHED", "assignerShortName": "Kaspersky", "dateReserved": "2023-11-07T10:06:48.689Z", "datePublished": "2023-11-10T16:38:54.668Z", "dateUpdated": "2024-08-02T21:09:37.384Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "shortName": "Kaspersky", "dateUpdated": "2023-11-10T16:38:54.668Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-269", "description": "CWE-269: Improper Privilege Management", "type": "CWE"}]}], "affected": [{"vendor": "Telit Cinterion", "product": "BGS5", "versions": [{"version": "*", "status": "affected", "lessThan": "2.000 ARN 01.001.08", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "EHS5-E", "versions": [{"version": "*", "status": "affected", "lessThan": "4.013 ARN 01.000.06", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "EHS5-US", "versions": [{"version": "*", "status": "affected", "lessThan": "4.000", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "EHS5-US Rel.4", "versions": [{"version": "*", "status": "affected", "lessThan": "4.013 ARN 01.000.06", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "EHS6", "versions": [{"version": "*", "status": "affected", "lessThan": "2.000", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "EHS6 Rel.2", "versions": [{"version": "*", "status": "affected", "lessThan": "2.000 ARN 00.000.20", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "EHS6 Rel.3", "versions": [{"version": "*", "status": "affected", "lessThan": "3.001 ARN 00.000.49", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "EHS6 Rel.4", "versions": [{"version": "*", "status": "affected", "lessThan": "4.013 ARN 01.000.06", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "EHS6-A Rel.4", "versions": [{"version": "*", "status": "affected", "lessThan": "4.013 ARN 01.000.06", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "EHS8", "versions": [{"version": "*", "status": "affected", "lessThan": "3.011 ARN 00.000.60", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "EHS8 Rel.4", "versions": [{"version": "*", "status": "affected", "lessThan": "4.013 ARN 01.000.06", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "ELS61-AUS", "versions": [{"version": "*", "status": "affected", "lessThan": "1.000", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "ELS61-AUS Rel.1", "versions": [{"version": "*", "status": "affected", "lessThan": "1.004 ARN 00.003.01", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "ELS61-AUS Rel.1 MR", "versions": [{"version": "*", "status": "affected", "lessThan": "1.005 ARN 00.005.01", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "ELS61-E", "versions": [{"version": "*", "status": "affected", "lessThan": "1.000", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "ELS61-E Rel.1", "versions": [{"version": "*", "status": "affected", "lessThan": "1.000 ARN 00.030.01", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "ELS61-E Rel.1 MR", "versions": [{"version": "*", "status": "affected", "lessThan": "1.000 ARN 00.032.02", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "ELS61-E Rel.2", "versions": [{"version": "*", "status": "affected", "lessThan": "2.000 ARN 01.000.03", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "ELS61-E Rel.2", "versions": [{"version": "*", "status": "affected", "lessThan": "2.000 ARN 01.000.03", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "ELS61-E2 Rel.1", "versions": [{"version": "*", "status": "affected", "lessThan": "1.000 ARN 00.026.01", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "ELS61-E2 Rel.1 MR", "versions": [{"version": "*", "status": "affected", "lessThan": "1.000 ARN 00.032.02", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "ELS61-US Rel.1 MR", "versions": [{"version": "*", "status": "affected", "lessThan": "1.01 ARN 00.028.01", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "ELS61-US Rel.2", "versions": [{"version": "*", "status": "affected", "lessThan": "2.012 ARN 01.000.05", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "ELS81-E", "versions": [{"version": "*", "status": "affected", "lessThan": "4.000", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "ELS81-E Rel.1", "versions": [{"version": "*", "status": "affected", "lessThan": "4.000 ARN 01.000.05", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "ELS81-E Rel.1.1", "versions": [{"version": "*", "status": "affected", "lessThan": "5.001 ARN 01.000.04", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "ELS81-US", "versions": [{"version": "*", "status": "affected", "lessThan": "5.012", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "ELS81-US Rel.1.1", "versions": [{"version": "*", "status": "affected", "lessThan": "5.012 ARN 01.000.05", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "PDS5-E", "versions": [{"version": "*", "status": "affected", "lessThan": "3.001", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "PDS5-E Rel.1", "versions": [{"version": "*", "status": "affected", "lessThan": "3.001 ARN 00.000.32", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "PDS5-E Rel.4", "versions": [{"version": "*", "status": "affected", "lessThan": "4.013 ARN 01.000.06", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "PDS5-US", "defaultStatus": "affected"}, {"vendor": "Telit Cinterion", "product": "PDS6", "defaultStatus": "affected"}, {"vendor": "Telit Cinterion", "product": "PDS8", "defaultStatus": "affected"}, {"vendor": "Telit Cinterion", "product": "PLS62-W", "versions": [{"version": "*", "status": "affected", "lessThan": "2.01", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Telit Cinterion", "product": "PLS62-W Rel.1", "versions": [{"version": "*", "status": "affected", "lessThan": "2.01 ARN 01.000.05", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to \"manufacturer\" level on the targeted system."}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "solutions": [{"lang": "en", "value": "Telit Cinterion has released firmware updates to fix the issue. Contact Telit Cinterion for assistance."}], "workarounds": [{"lang": "en", "value": "Enforce application signature verification to prohibit the installation of untrusted MIDlets on the device."}, {"lang": "en", "value": "Control physical access to the device at all stages of transportation to protect against the embedding of backdoors."}], "timeline": [{"time": "2023-02-21T12:45:00.000Z", "lang": "en", "value": "Issue discovered by Kaspersky ICS CERT"}, {"time": "2023-04-27T15:56:00.000Z", "lang": "en", "value": "Confirmed by Telit Cinterion"}], "credits": [{"lang": "en", "value": "Alexander Kozlov from Kaspersky", "type": "finder"}, {"lang": "en", "value": "Sergey Anufrienko from Kaspersky", "type": "finder"}], "references": [{"url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/", "name": "KLCERT-22-216: Telit Cinterion (Thales/Gemalto) modules. Improper Privilege Management vulnerability", "tags": ["third-party-advisory"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:09:37.384Z"}, "title": "CVE Program Container", "references": [{"url": "https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-216-telit-cinterion-thales-gemalto-modules-improper-privilege-management-vulnerability/", "name": "KLCERT-22-216: Telit Cinterion (Thales/Gemalto) modules. Improper Privilege Management vulnerability", "tags": ["third-party-advisory", "x_transferred"]}]}]}}
MITRE
Vulnrichment
NVD
Redhat