Multiple vulnerabilities in Telit Cinterion modules
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2023-47611 CVE-2023-47614 |
| CWE-ID | CWE-269 CWE-200 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
PDS6 Hardware solutions / Firmware PDS8 Hardware solutions / Firmware PLS62-W Hardware solutions / Firmware BGS5 Hardware solutions / Firmware EHS5 Hardware solutions / Firmware EHS6 Rel.2 Hardware solutions / Firmware EHS6 Rel.3 Hardware solutions / Firmware EHS6 Rel.4 Hardware solutions / Firmware EHS8 Hardware solutions / Firmware EHS8 Rel.4 Hardware solutions / Firmware ELS61-AUS REL.1 Hardware solutions / Firmware ELS61-AUS Rel.1 MR Hardware solutions / Firmware ELS61-E REL.1 Hardware solutions / Firmware ELS61-E Rel.1 MR Hardware solutions / Firmware ELS61-E Rel.2 Hardware solutions / Firmware ELS61-E2 REL.1 Hardware solutions / Firmware ELS61-E2 Rel.1 MR Hardware solutions / Firmware ELS61-US Rel.1 MR Hardware solutions / Firmware ELS61-US REL.2 Hardware solutions / Firmware ELS81-E Rel.1 Hardware solutions / Firmware ELS81-E Rel.1.1 Hardware solutions / Firmware ELS81-US Rel.1.1 Hardware solutions / Firmware PDS5-E Rel.1 Hardware solutions / Firmware PDS5-E Rel.4 Hardware solutions / Firmware PLS62-W Rel.1 Hardware solutions / Firmware |
| Vendor | Telit |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Improper Privilege Management
EUVDB-ID: #VU82931
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-47611
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due to improper privilege management. A local user can escalate privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDS6: All versions
PDS8: All versions
PLS62-W: All versions
BGS5: before ARN 01.001.08
EHS5: before ARN 01.000.06
EHS6 Rel.2: before ARN 00.000.20
EHS6 Rel.3: before ARN 00.000.49
EHS6 Rel.4: before ARN 01.000.06
EHS8: before ARN 00.000.60
EHS8 Rel.4: before ARN 01.000.06
ELS61-AUS REL.1: before ARN 00.006.01
ELS61-AUS Rel.1 MR: before ARN 00.005.01
ELS61-E REL.1: before ARN 00.030.01
ELS61-E Rel.1 MR: before ARN 00.032.02
ELS61-E Rel.2: before ARN 01.000.03
ELS61-E2 REL.1: before ARN 00.026.01
ELS61-E2 Rel.1 MR: before ARN 00.032.02
ELS61-US Rel.1 MR: before ARN 00.028.01
ELS61-US REL.2: before ARN 01.000.05
ELS81-E Rel.1: before ARN 01.000.05
ELS81-E Rel.1.1: before ARN 01.000.04
ELS81-US Rel.1.1: before ARN 01.000.05
PDS5-E Rel.1: before ARN 00.000.32
PDS5-E Rel.4: before ARN 01.000.06
PLS62-W Rel.1: before ARN 01.000.06
CPE2.3- cpe:2.3:h:Telit Cinterion:pds6:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pds8:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pls62-w:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:bgs5:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:ehs5:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:ehs6_rel.2:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:ehs6_rel.3:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:ehs6_rel.4:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:ehs8:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:ehs8_rel.4:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els61-aus_rel.1:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els61-aus_rel.1_mr:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els61-e_rel.1:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els61-e_rel.1_mr:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els61-e_rel.2:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els61-e2_rel.1:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els61-e2_rel.1_mr:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els61-us_rel.1_mr:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els61-us_rel.2:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els81-e_rel.1:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els81-e_rel.1.1:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els81-us_rel.1.1:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pds5-e_rel.1:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pds5-e_rel.4:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pls62-w_rel.1:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU82932
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-47614
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A local user can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsPDS6: All versions
PDS8: All versions
PLS62-W: All versions
BGS5: before ARN 01.001.08
EHS5: before ARN 01.000.06
EHS6 Rel.2: before ARN 00.000.20
EHS6 Rel.3: before ARN 00.000.49
EHS6 Rel.4: before ARN 01.000.06
EHS8: before ARN 00.000.60
EHS8 Rel.4: before ARN 01.000.06
ELS61-AUS REL.1: before ARN 00.006.01
ELS61-AUS Rel.1 MR: before ARN 00.005.01
ELS61-E REL.1: before ARN 00.030.01
ELS61-E Rel.1 MR: before ARN 00.032.02
ELS61-E Rel.2: before ARN 01.000.03
ELS61-E2 REL.1: before ARN 00.026.01
ELS61-E2 Rel.1 MR: before ARN 00.032.02
ELS61-US Rel.1 MR: before ARN 00.028.01
ELS61-US REL.2: before ARN 01.000.05
ELS81-E Rel.1: before ARN 01.000.05
ELS81-E Rel.1.1: before ARN 01.000.04
ELS81-US Rel.1.1: before ARN 01.000.05
PDS5-E Rel.1: before ARN 00.000.32
PDS5-E Rel.4: before ARN 01.000.06
PLS62-W Rel.1: before ARN 01.000.06
CPE2.3- cpe:2.3:h:Telit Cinterion:pds6:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pds8:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pls62-w:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:bgs5:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:ehs5:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:ehs6_rel.2:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:ehs6_rel.3:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:ehs6_rel.4:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:ehs8:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:ehs8_rel.4:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els61-aus_rel.1:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els61-aus_rel.1_mr:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els61-e_rel.1:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els61-e_rel.1_mr:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els61-e_rel.2:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els61-e2_rel.1:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els61-e2_rel.1_mr:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els61-us_rel.1_mr:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els61-us_rel.2:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els81-e_rel.1:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els81-e_rel.1.1:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:els81-us_rel.1.1:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pds5-e_rel.1:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pds5-e_rel.4:*:*:*:*:*:*:*:*
- cpe:2.3:h:Telit Cinterion:pls62-w_rel.1:*:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
