Full Report
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to disclose hidden virtual paths and file names on the targeted system.
Analysis Summary
# Vulnerability: Telit Cinterion Exposure of Sensitive Information via Virtual Paths
## CVE Details
- **CVE ID:** CVE-2023-47614
- **CVSS Score:** 3.3 (Low) - *Note: The source article mentions 0.0 initially but provide vector string AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N reflecting a Low severity.*
- **CWE:** CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
## Affected Systems
- **Products:** Telit Cinterion (formerly Thales/Gemalto) IoT Modules
- **Versions:**
- **BGS5:** Before RN 2.000 (ARN 01.001.08)
- **EHS5:** Before RN 4.013 (ARN 01.000.06)
- **EHS6:** (Rel 2, 3, 4) Before various versions (see specific ARN/RN in remediation)
- **EHS8 / EHS8 Rel.4:** Before various versions
- **ELS61 / ELS81:** Various regional variants (AUS, E, US, E2) before specific updates
- **PDS5 / PDS6 / PDS8:** PDS5 before updates; All versions of PDS6 and PDS8
- **PLS62 / PLS62-W:** All versions / Before RN 4.013
- **Configurations:** Systems where local, low-privileged users/applications can execute code or commands.
## Vulnerability Description
A flaw in the handling of internal file systems within the affected Telit Cinterion modules allows for the disclosure of sensitive information. The vulnerability enables a local attacker to identify and map hidden virtual paths and file names that should normally be restricted or obfuscated. This discovery can be used as a reconnaissance step for more complex attacks against the device's firmware or data storage.
## Exploitation
- **Status:** PoC availability not specified; No reports of active exploitation in the wild mentioned.
- **Complexity:** Low
- **Attack Vector:** Local
## Impact
- **Confidentiality:** Low (Disclosure of file names and paths)
- **Integrity:** None
- **Availability:** None
## Remediation
### Patches
Users should update to the following minimum versions or newer:
- **BGS5:** RN 2.000 / ARN 01.001.08
- **EHS5 / EHS6 Rel.4 / EHS8 Rel.4 / PDS5-E Rel.4 / PLS62-W Rel.1:** RN 4.013 / ARN 01.000.06
- **EHS6 Rel.2:** RN 2.000 / ARN 00.000.20
- **EHS6 Rel.3:** RN 3.001 / ARN 00.000.49
- **EHS8:** RN 3.011 / ARN 00.000.60
- **ELS61-AUS:** RN 1.004 / ARN 00.006.01
- **ELS61-E2:** RN 1.000 / ARN 00.026.01
- **ELS61-US Rel.2:** RN 2.012 / ARN 01.000.05
- **ELS81-E:** RN 4.000 / ARN 01.000.05
### Workarounds
- **Signature Verification:** Enforce strict application signature verification to prevent the installation and execution of untrusted or unauthorized MIDlets on the device.
- **Physical Security:** Maintain strict control over physical access to the device during transportation and storage to prevent the injection of malicious backdoors or unauthorized hardware access.
## Detection
- **Indicators of Compromise:** Unusual enumeration of file systems or execution of unauthorized MIDlets.
- **Detection Methods:** Audit installed MIDlets and monitor for unauthorized local access attempts to the module's command interface.
## References
- **Kaspersky ICS CERT Advisory:** hxxps[://]ics-cert[.]kaspersky[.]com/advisories/2023/11/08/klcert-22-210-telit-cinterion-thales-gemalto-modules-exposure-of-sensitive-information-to-an-unauthorized-actor-vulnerability
- **NVD Entry:** hxxps[://]nvd[.]nist[.]gov/vuln/detail/CVE-2023-47614