CVE-2023-47616 - Vulnerability Details

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to get access to a sensitive data on the targeted system.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Telit	Bgs5 Bgs5 Firmware Ehs5 Ehs5 Firmware Ehs6 Ehs6 Firmware Ehs8 Ehs8 Firmware Els61 Els61 Firmware Els81 Els81 Firmware Pds5 Pds5 Firmware Pds6 Pds6 Firmware Pds8 Pds8 Firmware Pls62 Pls62 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:telit:bgs5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:telit:bgs5:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:telit:ehs5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:telit:ehs5:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:telit:ehs6_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:telit:ehs6:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:telit:ehs8_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:telit:ehs8:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:telit:pds5_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:telit:pds5:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:telit:pds6_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:telit:pds6:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:telit:pds8_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:telit:pds8:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:telit:els61_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:telit:els61:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:telit:els81_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:telit:els81:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:telit:pls62_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:telit:pls62:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://ics-cert.kaspersky.com/advisories/2023/11/09/klcert-22-193-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-to-an-unauthorized-actor/

History

No history.

MITRE

Status: PUBLISHED

Assigner: Kaspersky

Published: 2023-11-09T12:24:33.382Z

Updated: 2024-09-03T19:34:41.779Z

Reserved: 2023-11-07T10:06:48.689Z

Link: CVE-2023-47616

Vulnrichment

Updated: 2024-08-02T21:09:37.416Z

NVD

Status : Modified

Published: 2023-11-09T13:15:07.677

Modified: 2024-11-21T08:30:31.980

Link: CVE-2023-47616

Redhat

No data.

Metrics

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object