CVE-2023-47615

Description

A CWE-526: Exposure of Sensitive Information Through Environmental Variables vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to get access to a sensitive data on the targeted system.

Remediation

Workaround:

Enforce application signature verification to prohibit the installation of untrusted MIDlets on the device.
Control physical access to the device at all stages of transportation to protect against the embedding of backdoors.

References

Link	Tags
https://ics-cert.kaspersky.com/advisories/2023/11/09/klcert-22-212-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-through-environmental-variables/	third party advisory

Frequently Asked Questions

What is the severity of CVE-2023-47615?: CVE-2023-47615 has been scored as a low severity vulnerability.
How to fix CVE-2023-47615?: As a workaround for remediating CVE-2023-47615: Enforce application signature verification to prohibit the installation of untrusted MIDlets on the device.
Is CVE-2023-47615 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-47615 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-47615?: CVE-2023-47615 affects Telit Cinterion BGS5, Telit Cinterion EHS5, Telit Cinterion EHS6, Telit Cinterion EHS8, Telit Cinterion PDS5, Telit Cinterion PDS6, Telit Cinterion PDS8, Telit Cinterion ELS61, Telit Cinterion ELS81, Telit Cinterion PLS62.

Description

Remediation

Category

CWE-526 – Cleartext Storage of Sensitive Information in an Environment Variable

References

Frequently Asked Questions