Multiple vulnerabilities in Telit Cinterion modules
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2023-47610 CVE-2023-47613 CVE-2023-47612 CVE-2023-47616 CVE-2023-47615 |
| CWE-ID | CWE-119 CWE-22 CWE-552 CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
BGS5 Hardware solutions / Firmware EHS5 Hardware solutions / Firmware EHS6 Hardware solutions / Firmware EHS8 Hardware solutions / Firmware PDS5 Hardware solutions / Firmware PDS6 Hardware solutions / Firmware PDS8 Hardware solutions / Firmware ELS61 Hardware solutions / Firmware ELS81 Hardware solutions / Firmware PLS62 Hardware solutions / Firmware |
| Vendor | Telit |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU82928
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-47610
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can use a specially crafted SMS message, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsBGS5: All versions
EHS5: All versions
EHS6: All versions
EHS8: All versions
PDS5: All versions
PDS6: All versions
PDS8: All versions
ELS61: All versions
ELS81: All versions
PLS62: All versions
CPE2.3- cpe:2.3:h:Telit Cinterion:bgs5:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:ehs5:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:ehs6:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:ehs8:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pds5:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pds6:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pds8:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els61:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els81:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pls62:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Path traversal
EUVDB-ID: #VU82930
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-47613
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A local user can send a specially crafted HTTP request and read/write arbitrary files on the system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsBGS5: All versions
EHS5: All versions
EHS6: All versions
EHS8: All versions
PDS5: All versions
PDS6: All versions
PDS8: All versions
ELS61: All versions
ELS81: All versions
PLS62: All versions
CPE2.3- cpe:2.3:h:Telit Cinterion:bgs5:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:ehs5:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:ehs6:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:ehs8:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pds5:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pds6:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pds8:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els61:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els81:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pls62:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Files or Directories Accessible to External Parties
EUVDB-ID: #VU82929
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-47612
CWE-ID:
CWE-552 - Files or Directories Accessible to External Parties
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to files or directories accessible to external parties. An attacker with physical access can obtain a read/write access to any files and directories on the targeted system, including hidden files and directories.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsBGS5: All versions
EHS5: All versions
EHS6: All versions
EHS8: All versions
PDS5: All versions
PDS6: All versions
PDS8: All versions
ELS61: All versions
ELS81: All versions
PLS62: All versions
CPE2.3- cpe:2.3:h:Telit Cinterion:bgs5:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:ehs5:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:ehs6:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:ehs8:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pds5:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pds6:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pds8:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els61:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els81:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pls62:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU82934
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-47616
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. An attacker with physical access can gain unauthorized access to sensitive information on the system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsBGS5: All versions
EHS5: All versions
EHS6: All versions
EHS8: All versions
PDS5: All versions
PDS6: All versions
PDS8: All versions
ELS61: All versions
ELS81: All versions
PLS62: All versions
CPE2.3- cpe:2.3:h:Telit Cinterion:bgs5:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:ehs5:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:ehs6:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:ehs8:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pds5:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pds6:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pds8:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els61:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els81:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pls62:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Information disclosure
EUVDB-ID: #VU82933
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-47615
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A local user can gain unauthorized access to sensitive information on the system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsBGS5: All versions
EHS5: All versions
EHS6: All versions
EHS8: All versions
PDS5: All versions
PDS6: All versions
PDS8: All versions
ELS61: All versions
ELS81: All versions
PLS62: All versions
CPE2.3- cpe:2.3:h:Telit Cinterion:bgs5:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:ehs5:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:ehs6:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:ehs8:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pds5:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pds6:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pds8:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els61:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els81:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pls62:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
