CVE-2023-47612 - OpenCVE

A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to obtain a read/write access to any files and directories on the targeted system, including hidden files and directories.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Telit	Bgs5 Bgs5 Firmware Ehs5 Ehs5 Firmware Ehs6 Ehs6 Firmware Ehs8 Ehs8 Firmware Els61 Els61 Firmware Els81 Els81 Firmware Pds5 Pds5 Firmware Pds6 Pds6 Firmware Pds8 Pds8 Firmware Pls62 Pls62 Firmware

Configuration 1 [-]

AND

cpe:2.3:h:telit:bgs5:-:*:*:*:*:*:*:*

cpe:2.3:o:telit:bgs5_firmware:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:telit:ehs5:-:*:*:*:*:*:*:*

cpe:2.3:o:telit:ehs5_firmware:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:telit:ehs6:-:*:*:*:*:*:*:*

cpe:2.3:o:telit:ehs6_firmware:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:telit:ehs8:-:*:*:*:*:*:*:*

cpe:2.3:o:telit:ehs8_firmware:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:telit:pds5:-:*:*:*:*:*:*:*

cpe:2.3:o:telit:pds5_firmware:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:h:telit:pds6:-:*:*:*:*:*:*:*

cpe:2.3:o:telit:pds6_firmware:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:h:telit:pds8:-:*:*:*:*:*:*:*

cpe:2.3:o:telit:pds8_firmware:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:telit:els61_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:telit:els61:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:telit:els81_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:telit:els81:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:telit:pls62_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:telit:pls62:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-194-telit-cinterion-thales-gemalto-modules-files-or-directories-accessible-to-external-parties-vulnerability/

History

No history.

MITRE

Status: PUBLISHED

Assigner: Kaspersky

Published: 2023-11-09T12:07:54.815Z

Updated: 2024-09-04T13:47:01.811Z

Reserved: 2023-11-07T10:06:48.689Z

Link: CVE-2023-47612

Vulnrichment

Updated: 2024-08-02T21:09:37.494Z

NVD

Status : Analyzed

Published: 2023-11-09T12:15:07.520

Modified: 2023-11-16T16:39:34.940

Link: CVE-2023-47612

Redhat

No data.

Metrics

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object