CVE-2023-47610

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-47610
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-23-018-telit-cinterion-thales-gemalto-modules-buffer-copy-without-checking-size-of-input-vulnerability/ Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:telit:bgs5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:bgs5:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:telit:ehs5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:ehs5:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:telit:ehs6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:ehs6:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:telit:ehs8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:ehs8:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:telit:pds5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pds5:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:telit:pds6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pds6:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:telit:pds8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pds8:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:telit:els61_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:els61:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:telit:els81_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:els81:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:telit:pls62_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pls62:-:*:*:*:*:*:*:*
History

16 Nov 2023, 17:19

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
References () https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-23-018-telit-cinterion-thales-gemalto-modules-buffer-copy-without-checking-size-of-input-vulnerability/ - () https://ics-cert.kaspersky.com/advisories/2023/11/08/klcert-23-018-telit-cinterion-thales-gemalto-modules-buffer-copy-without-checking-size-of-input-vulnerability/ - Third Party Advisory
CWE CWE-120
CPE cpe:2.3:o:telit:pds8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:els81_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:pds5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:ehs6:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:bgs5:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:pds6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:ehs6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pls62:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:ehs8:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:els81:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pds5:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:ehs5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:els61:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pds8:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:ehs5:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:bgs5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:telit:pds6:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:ehs8_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:els61_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:telit:pls62_firmware:-:*:*:*:*:*:*:*
First Time Telit ehs6
Telit ehs5
Telit ehs5 Firmware
Telit
Telit els81 Firmware
Telit pds8
Telit pds5
Telit els81
Telit pls62
Telit ehs6 Firmware
Telit els61 Firmware
Telit ehs8
Telit bgs5 Firmware
Telit ehs8 Firmware
Telit pls62 Firmware
Telit pds5 Firmware
Telit pds6 Firmware
Telit bgs5
Telit pds8 Firmware
Telit els61
Telit pds6

09 Nov 2023, 19:32

Type Values Removed Values Added
New CVE
Information

Published : 2023-11-09 17:15

Updated : 2023-12-10 15:26

NVD link : CVE-2023-47610

Mitre link : CVE-2023-47610

CVE.ORG link : CVE-2023-47610

JSON object : View

Products Affected

telit

  • pds6_firmware
  • pds6
  • els61_firmware
  • pds5
  • els81_firmware
  • ehs6
  • ehs8_firmware
  • els81
  • ehs8
  • ehs5
  • ehs5_firmware
  • els61
  • pls62_firmware
  • ehs6_firmware
  • pds8_firmware
  • bgs5_firmware
  • pls62
  • pds8
  • pds5_firmware
  • bgs5
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')