github - ghsa-fh84-33w2-qrx7

ghsa-fh84-33w2-qrx7

Vulnerability from github

Published

2023-11-09 15:30

Modified

2023-11-09 15:30

Severity ?

2.4 (Low) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to get access to a sensitive data on the targeted system.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-47616"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-09T13:15:07Z",
    "severity": "LOW"
  },
  "details": "A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to get access to a sensitive data on the targeted system.",
  "id": "GHSA-fh84-33w2-qrx7",
  "modified": "2023-11-09T15:30:29Z",
  "published": "2023-11-09T15:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47616"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.kaspersky.com/advisories/2023/11/09/klcert-22-193-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-to-an-unauthorized-actor"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2023-47616 (GCVE-0-2023-47616)

Vulnerability from cvelistv5

Published

2023-11-09 12:24

Modified

2024-09-03 19:34

Severity ?

2.4 (Low) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Summary

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to get access to a sensitive data on the targeted system.

References

►

URL

Tags

https://ics-cert.kaspersky.com/advisories/2023/11/09/klcert-22-193-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-to-an-unauthorized-actor/

third-party-advisory

Impacted products

Vendor

Product

Version

►

Telit Cinterion

	Telit Cinterion	EHS5
	Telit Cinterion	EHS6
	Telit Cinterion	EHS8
	Telit Cinterion	PDS5
	Telit Cinterion	PDS6
	Telit Cinterion	PDS8
	Telit Cinterion	ELS61
	Telit Cinterion	ELS81
	Telit Cinterion	PLS62

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:09:37.416Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "KLCERT-22-193: Telit Cinterion (Thales/Gemalto) modules. Exposure of Sensitive Information to an Unauthorized Actor",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://ics-cert.kaspersky.com/advisories/2023/11/09/klcert-22-193-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-to-an-unauthorized-actor/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-47616",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-03T19:34:03.922305Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-03T19:34:41.779Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "BGS5",
          "vendor": "Telit Cinterion"
        },
        {
          "defaultStatus": "affected",
          "product": "EHS5",
          "vendor": "Telit Cinterion"
        },
        {
          "defaultStatus": "affected",
          "product": "EHS6",
          "vendor": "Telit Cinterion"
        },
        {
          "defaultStatus": "affected",
          "product": "EHS8",
          "vendor": "Telit Cinterion"
        },
        {
          "defaultStatus": "affected",
          "product": "PDS5",
          "vendor": "Telit Cinterion"
        },
        {
          "defaultStatus": "affected",
          "product": "PDS6",
          "vendor": "Telit Cinterion"
        },
        {
          "defaultStatus": "affected",
          "product": "PDS8",
          "vendor": "Telit Cinterion"
        },
        {
          "defaultStatus": "affected",
          "product": "ELS61",
          "vendor": "Telit Cinterion"
        },
        {
          "defaultStatus": "affected",
          "product": "ELS81",
          "vendor": "Telit Cinterion"
        },
        {
          "defaultStatus": "affected",
          "product": "PLS62",
          "vendor": "Telit Cinterion"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Alexander Kozlov from Kaspersky"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Sergey Anufrienko from Kaspersky"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to get access to a sensitive data on the targeted system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-09T17:20:44.169Z",
        "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "shortName": "Kaspersky"
      },
      "references": [
        {
          "name": "KLCERT-22-193: Telit Cinterion (Thales/Gemalto) modules. Exposure of Sensitive Information to an Unauthorized Actor",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://ics-cert.kaspersky.com/advisories/2023/11/09/klcert-22-193-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-to-an-unauthorized-actor/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-02-21T12:45:00.000Z",
          "value": "Issue discovered by Kaspersky ICS CERT"
        },
        {
          "lang": "en",
          "time": "2023-04-27T15:56:00.000Z",
          "value": "Confirmed by Telit Cinterion"
        }
      ],
      "workarounds": [
        {
          "lang": "en",
          "value": "Control physical access to the device at all stages of transportation to protect against the embedding of backdoors."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
    "assignerShortName": "Kaspersky",
    "cveId": "CVE-2023-47616",
    "datePublished": "2023-11-09T12:24:33.382Z",
    "dateReserved": "2023-11-07T10:06:48.689Z",
    "dateUpdated": "2024-09-03T19:34:41.779Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.