CVE-2023-47614

Description

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to disclose hidden virtual paths and file names on the targeted system.

Remediation

Solution:

  • Telit Cinterion has released firmware updates to fix the issue. Contact Telit Cinterion for assistance.

Workaround:

  • Enforce application signature verification to prohibit the installation of untrusted MIDlets on the device.
  • Control physical access to the device at all stages of transportation to protect against the embedding of backdoors.

Category

3.3
CVSS
Severity: Low
CVSS 3.1 •
EPSS 0.02%
Third-Party Advisory kaspersky.com
Affected: Telit Cinterion BGS5
Affected: Telit Cinterion EHS5-E
Affected: Telit Cinterion EHS5-US
Affected: Telit Cinterion EHS5-US Rel.4
Affected: Telit Cinterion EHS6
Affected: Telit Cinterion EHS6 Rel.2
Affected: Telit Cinterion EHS6 Rel.3
Affected: Telit Cinterion EHS6 Rel.4
Affected: Telit Cinterion EHS6-A Rel.4
Affected: Telit Cinterion EHS8
Affected: Telit Cinterion EHS8 Rel.4
Affected: Telit Cinterion ELS61-AUS
Affected: Telit Cinterion ELS61-AUS Rel.1
Affected: Telit Cinterion ELS61-AUS Rel.1 MR
Affected: Telit Cinterion ELS61-E
Affected: Telit Cinterion ELS61-E Rel.1
Affected: Telit Cinterion ELS61-E Rel.1 MR
Affected: Telit Cinterion ELS61-E Rel.2
Affected: Telit Cinterion ELS61-E Rel.2
Affected: Telit Cinterion ELS61-E2 Rel.1
Affected: Telit Cinterion ELS61-E2 Rel.1 MR
Affected: Telit Cinterion ELS61-US Rel.1 MR
Affected: Telit Cinterion ELS61-US Rel.2
Affected: Telit Cinterion ELS81-E
Affected: Telit Cinterion ELS81-E Rel.1
Affected: Telit Cinterion ELS81-E Rel.1.1
Affected: Telit Cinterion ELS81-US
Affected: Telit Cinterion ELS81-US Rel.1.1
Affected: Telit Cinterion PDS5-E
Affected: Telit Cinterion PDS5-E Rel.1
Affected: Telit Cinterion PDS5-E Rel.4
Affected: Telit Cinterion PDS5-US
Affected: Telit Cinterion PDS6
Affected: Telit Cinterion PDS8
Affected: Telit Cinterion PLS62-W
Affected: Telit Cinterion PLS62-W Rel.1
Published at:
Updated at:

References

Link Tags
https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-22-210-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-to-an-unauthorized-actor-vulnerability/ third party advisory

Frequently Asked Questions

What is the severity of CVE-2023-47614?
CVE-2023-47614 has been scored as a low severity vulnerability.
How to fix CVE-2023-47614?
To fix CVE-2023-47614: Telit Cinterion has released firmware updates to fix the issue. Contact Telit Cinterion for assistance.
Is CVE-2023-47614 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-47614 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-47614?
CVE-2023-47614 affects Telit Cinterion BGS5, Telit Cinterion EHS5-E, Telit Cinterion EHS5-US, Telit Cinterion EHS5-US Rel.4, Telit Cinterion EHS6, Telit Cinterion EHS6 Rel.2, Telit Cinterion EHS6 Rel.3, Telit Cinterion EHS6 Rel.4, Telit Cinterion EHS6-A Rel.4, Telit Cinterion EHS8, Telit Cinterion EHS8 Rel.4, Telit Cinterion ELS61-AUS, Telit Cinterion ELS61-AUS Rel.1, Telit Cinterion ELS61-AUS Rel.1 MR, Telit Cinterion ELS61-E, Telit Cinterion ELS61-E Rel.1, Telit Cinterion ELS61-E Rel.1 MR, Telit Cinterion ELS61-E Rel.2, Telit Cinterion ELS61-E Rel.2, Telit Cinterion ELS61-E2 Rel.1, Telit Cinterion ELS61-E2 Rel.1 MR, Telit Cinterion ELS61-US Rel.1 MR, Telit Cinterion ELS61-US Rel.2, Telit Cinterion ELS81-E, Telit Cinterion ELS81-E Rel.1, Telit Cinterion ELS81-E Rel.1.1, Telit Cinterion ELS81-US, Telit Cinterion ELS81-US Rel.1.1, Telit Cinterion PDS5-E, Telit Cinterion PDS5-E Rel.1, Telit Cinterion PDS5-E Rel.4, Telit Cinterion PDS5-US, Telit Cinterion PDS6, Telit Cinterion PDS8, Telit Cinterion PLS62-W, Telit Cinterion PLS62-W Rel.1.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.