CVE-2023-47616

LOW

2.4

Description

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to get access to a sensitive data on the targeted system.

CVE Details

CVSS v3.1 Score2.4

SeverityLOW

CVSS VectorCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack VectorPHYSICAL

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published11/9/2023

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

telit:bgs5telit:bgs5_firmwaretelit:ehs5telit:ehs5_firmwaretelit:ehs6telit:ehs6_firmwaretelit:ehs8telit:ehs8_firmwaretelit:els61telit:els61_firmwaretelit:els81telit:els81_firmwaretelit:pds5telit:pds5_firmwaretelit:pds6telit:pds6_firmwaretelit:pds8telit:pds8_firmwaretelit:pls62telit:pls62_firmware

Weaknesses (CWE)

CWE-200

References

https://ics-cert.kaspersky.com/advisories/2023/11/09/klcert-22-193-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-to-an-unauthorized-actor/(vulnerability@kaspersky.com)

https://ics-cert.kaspersky.com/advisories/2023/11/09/klcert-22-193-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-to-an-unauthorized-actor/(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.