{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-47614","assignerOrgId":"e45d732a-8f6b-4b6b-be76-7420f6a2b988","state":"PUBLISHED","assignerShortName":"Kaspersky","dateReserved":"2023-11-07T10:06:48.689Z","datePublished":"2023-11-10T15:50:24.884Z","dateUpdated":"2024-09-03T17:37:01.547Z"},"containers":{"cna":{"providerMetadata":{"orgId":"e45d732a-8f6b-4b6b-be76-7420f6a2b988","shortName":"Kaspersky","dateUpdated":"2023-11-10T15:50:24.884Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-200","description":"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor","type":"CWE"}]}],"affected":[{"vendor":"Telit Cinterion","product":"BGS5","versions":[{"version":"*","status":"affected","lessThan":"2.000 ARN 01.001.08","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"EHS5-E","versions":[{"version":"*","status":"affected","lessThan":"4.013 ARN 01.000.06","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"EHS5-US","versions":[{"version":"*","status":"affected","lessThan":"4.000","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"EHS5-US Rel.4","versions":[{"version":"*","status":"affected","lessThan":"4.013 ARN 01.000.06","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"EHS6","versions":[{"version":"*","status":"affected","lessThan":"2.000","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"EHS6 Rel.2","versions":[{"version":"*","status":"affected","lessThan":"2.000 ARN 00.000.20","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"EHS6 Rel.3","versions":[{"version":"*","status":"affected","lessThan":"3.001 ARN 00.000.49","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"EHS6 Rel.4","versions":[{"version":"*","status":"affected","lessThan":"4.013 ARN 01.000.06","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"EHS6-A Rel.4","versions":[{"version":"*","status":"affected","lessThan":"4.013 ARN 01.000.06","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"EHS8","versions":[{"version":"*","status":"affected","lessThan":"3.011 ARN 00.000.60","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"EHS8 Rel.4","versions":[{"version":"*","status":"affected","lessThan":"4.013 ARN 01.000.06","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"ELS61-AUS","versions":[{"version":"*","status":"affected","lessThan":"1.000","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"ELS61-AUS Rel.1","versions":[{"version":"*","status":"affected","lessThan":"1.004 ARN 00.003.01","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"ELS61-AUS Rel.1 MR","versions":[{"version":"*","status":"affected","lessThan":"1.005 ARN 00.005.01","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"ELS61-E","versions":[{"version":"*","status":"affected","lessThan":"1.000","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"ELS61-E Rel.1","versions":[{"version":"*","status":"affected","lessThan":"1.000 ARN 00.030.01","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"ELS61-E Rel.1 MR","versions":[{"version":"*","status":"affected","lessThan":"1.000 ARN 00.032.02","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"ELS61-E Rel.2","versions":[{"version":"*","status":"affected","lessThan":"2.000 ARN 01.000.03","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"ELS61-E Rel.2","versions":[{"version":"*","status":"affected","lessThan":"2.000 ARN 01.000.03","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"ELS61-E2 Rel.1","versions":[{"version":"*","status":"affected","lessThan":"1.000 ARN 00.026.01","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"ELS61-E2 Rel.1 MR","versions":[{"version":"*","status":"affected","lessThan":"1.000 ARN 00.032.02","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"ELS61-US Rel.1 MR","versions":[{"version":"*","status":"affected","lessThan":"1.01 ARN 00.028.01","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"ELS61-US Rel.2","versions":[{"version":"*","status":"affected","lessThan":"2.012 ARN 01.000.05","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"ELS81-E","versions":[{"version":"*","status":"affected","lessThan":"4.000","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"ELS81-E Rel.1","versions":[{"version":"*","status":"affected","lessThan":"4.000 ARN 01.000.05","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"ELS81-E Rel.1.1","versions":[{"version":"*","status":"affected","lessThan":"5.001 ARN 01.000.04","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"ELS81-US","versions":[{"version":"*","status":"affected","lessThan":"5.012","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"ELS81-US Rel.1.1","versions":[{"version":"*","status":"affected","lessThan":"5.012 ARN 01.000.05","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"PDS5-E","versions":[{"version":"*","status":"affected","lessThan":"3.001","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"PDS5-E Rel.1","versions":[{"version":"*","status":"affected","lessThan":"3.001 ARN 00.000.32","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"PDS5-E Rel.4","versions":[{"version":"*","status":"affected","lessThan":"4.013 ARN 01.000.06","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"PDS5-US","defaultStatus":"affected"},{"vendor":"Telit Cinterion","product":"PDS6","defaultStatus":"affected"},{"vendor":"Telit Cinterion","product":"PDS8","defaultStatus":"affected"},{"vendor":"Telit Cinterion","product":"PLS62-W","versions":[{"version":"*","status":"affected","lessThan":"2.01","versionType":"custom"}],"defaultStatus":"unaffected"},{"vendor":"Telit Cinterion","product":"PLS62-W Rel.1","versions":[{"version":"*","status":"affected","lessThan":"2.01 ARN 01.000.05","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to disclose hidden virtual paths and file names on the targeted system."}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":3.3,"baseSeverity":"LOW","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}],"solutions":[{"lang":"en","value":"Telit Cinterion has released firmware updates to fix the issue. Contact Telit Cinterion for assistance."}],"workarounds":[{"lang":"en","value":"Enforce application signature verification to prohibit the installation of untrusted MIDlets on the device."},{"lang":"en","value":"Control physical access to the device at all stages of transportation to protect against the embedding of backdoors."}],"timeline":[{"time":"2023-02-21T12:45:00.000Z","lang":"en","value":"Issue discovered by Kaspersky ICS CERT"},{"time":"2023-04-27T15:56:00.000Z","lang":"en","value":"Confirmed by Telit Cinterion"}],"credits":[{"lang":"en","value":"Alexander Kozlov from Kaspersky","type":"finder"},{"lang":"en","value":"Sergey Anufrienko from Kaspersky","type":"finder"}],"references":[{"url":"https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-210-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-to-an-unauthorized-actor-vulnerability/","name":"KLCERT-22-210: Telit Cinterion (Thales/Gemalto) modules. Exposure of Sensitive Information to an Unauthorized Actor vulnerability","tags":["third-party-advisory"]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T21:09:37.431Z"},"title":"CVE Program Container","references":[{"url":"https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-210-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-to-an-unauthorized-actor-vulnerability/","name":"KLCERT-22-210: Telit Cinterion (Thales/Gemalto) modules. Exposure of Sensitive Information to an Unauthorized Actor vulnerability","tags":["third-party-advisory","x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-03T17:36:50.567934Z","id":"CVE-2023-47614","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-03T17:37:01.547Z"}}]}}