CVE-2023-47612

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-47612
A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to obtain a read/write access to any files and directories on the targeted system, including hidden files and directories.

6.8 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-194-telit-cinterion-thales-gemalto-modules-files-or-directories-accessible-to-external-parties-vulnerability/ Third Party Advisory
https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-194-telit-cinterion-thales-gemalto-modules-files-or-directories-accessible-to-external-parties-vulnerability/ Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:telit:bgs5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:bgs5:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:telit:ehs5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:ehs5:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:telit:ehs6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:ehs6:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:telit:ehs8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:ehs8:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:telit:pds5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pds5:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:telit:pds6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pds6:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:telit:pds8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pds8:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:telit:els61_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:els61:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:telit:els81_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:els81:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:telit:pls62_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pls62:-:*:*:*:*:*:*:*
History

21 Nov 2024, 08:30

Type Values Removed Values Added
References () https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-194-telit-cinterion-thales-gemalto-modules-files-or-directories-accessible-to-external-parties-vulnerability/ - Third Party Advisory () https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-194-telit-cinterion-thales-gemalto-modules-files-or-directories-accessible-to-external-parties-vulnerability/ - Third Party Advisory
CVSS v2 : unknown
v3 : 6.1 		v2 : unknown
v3 : 6.8

16 Nov 2023, 16:39

Type Values Removed Values Added
References () https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-194-telit-cinterion-thales-gemalto-modules-files-or-directories-accessible-to-external-parties-vulnerability/ - () https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-194-telit-cinterion-thales-gemalto-modules-files-or-directories-accessible-to-external-parties-vulnerability/ - Third Party Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.1
First Time Telit ehs8 Firmware
Telit ehs6 Firmware
Telit pls62 Firmware
Telit bgs5
Telit els81 Firmware
Telit ehs8
Telit pds6
Telit pds6 Firmware
Telit pds8
Telit pls62
Telit ehs5
Telit bgs5 Firmware
Telit els61
Telit ehs6
Telit ehs5 Firmware
Telit pds5 Firmware
Telit
Telit els81
Telit pds8 Firmware
Telit els61 Firmware
Telit pds5
CWE CWE-552
CPE cpe:2.3:o:telit:pds6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pds8:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:pls62_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:ehs5:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:pds5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:ehs8:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:pds8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:els61:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pds5:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:ehs5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:els81_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pls62:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:ehs6:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pds6:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:bgs5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:bgs5:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:ehs6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:ehs8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:els81:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:els61_firmware:-:*:*:*:*:*:*:*

09 Nov 2023, 12:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-11-09 12:15

Updated : 2024-11-21 08:30

NVD link : CVE-2023-47612

Mitre link : CVE-2023-47612

CVE.ORG link : CVE-2023-47612

JSON object : View

Products Affected

telit

  • ehs6
  • ehs6_firmware
  • bgs5_firmware
  • pds6
  • pls62_firmware
  • els61_firmware
  • pls62
  • els81
  • ehs8
  • pds6_firmware
  • ehs5_firmware
  • pds8_firmware
  • bgs5
  • pds5_firmware
  • pds8
  • els81_firmware
  • pds5
  • ehs5
  • ehs8_firmware
  • els61
CWE
CWE-552

Files or Directories Accessible to External Parties