CVE-2023-47612

Description

A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to obtain a read/write access to any files and directories on the targeted system, including hidden files and directories.

Remediation

Workaround:

Control physical access to the device at all stages of transportation to protect against the embedding of backdoors.

References

Link	Tags
https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-194-telit-cinterion-thales-gemalto-modules-files-or-directories-accessible-to-external-parties-vulnerability/	third party advisory

Frequently Asked Questions

What is the severity of CVE-2023-47612?: CVE-2023-47612 has been scored as a medium severity vulnerability.
How to fix CVE-2023-47612?: As a workaround for remediating CVE-2023-47612: Control physical access to the device at all stages of transportation to protect against the embedding of backdoors.
Is CVE-2023-47612 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-47612 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-47612?: CVE-2023-47612 affects Telit Cinterion BGS5, Telit Cinterion EHS5, Telit Cinterion EHS6, Telit Cinterion EHS8, Telit Cinterion PDS5, Telit Cinterion PDS6, Telit Cinterion PDS8, Telit Cinterion ELS61, Telit Cinterion ELS81, Telit Cinterion PLS62.

Description

Remediation

Category

CWE-552 – Files or Directories Accessible to External Parties

References

Frequently Asked Questions